Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubescape for openSUSE:Factory checked in at 2026-03-18 16:50:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubescape (Old) and /work/SRC/openSUSE:Factory/.kubescape.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubescape" Wed Mar 18 16:50:48 2026 rev:38 rq:1340846 version:4.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kubescape/kubescape.changes 2026-02-19 14:22:49.533342553 +0100 +++ /work/SRC/openSUSE:Factory/.kubescape.new.8177/kubescape.changes 2026-03-18 16:52:34.962213324 +0100 @@ -1,0 +2,13 @@ +Wed Mar 18 07:05:40 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 4.0.3: + * README.md updated + * log added in scanImage(): value of scanInfo.ListingURL for + reference + * fix: missing host do not return nil error + * feat: new falg --grype-db-url added to overload the url in + kubescape scan command + * build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to + 1.40.0 + +------------------------------------------------------------------- Old: ---- kubescape-4.0.2.obscpio New: ---- kubescape-4.0.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubescape.spec ++++++ --- /var/tmp/diff_new_pack.YMXLEX/_old 2026-03-18 16:52:37.210305981 +0100 +++ /var/tmp/diff_new_pack.YMXLEX/_new 2026-03-18 16:52:37.218306310 +0100 @@ -17,7 +17,7 @@ Name: kubescape -Version: 4.0.2 +Version: 4.0.3 Release: 0 Summary: Tool providing a multi-cloud K8s single pane of glass License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YMXLEX/_old 2026-03-18 16:52:37.362312246 +0100 +++ /var/tmp/diff_new_pack.YMXLEX/_new 2026-03-18 16:52:37.386313235 +0100 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/armosec/kubescape</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v4.0.2</param> + <param name="revision">v4.0.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YMXLEX/_old 2026-03-18 16:52:37.494317687 +0100 +++ /var/tmp/diff_new_pack.YMXLEX/_new 2026-03-18 16:52:37.510318346 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/armosec/kubescape</param> - <param name="changesrevision">9aba8e4534913808434e9bd1d8981f6e7fc17e8d</param></service></servicedata> + <param name="changesrevision">b79488dca6a1e1dc3a1c602de082b0de47a32d91</param></service></servicedata> (No newline at EOF) ++++++ kubescape-4.0.2.obscpio -> kubescape-4.0.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/README.md new/kubescape-4.0.3/README.md --- old/kubescape-4.0.2/README.md 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/README.md 2026-03-15 20:46:26.000000000 +0100 
@@ -237,6 +237,15 @@ kubescape scan image myregistry/myimage:tag --username user --password pass ``` +#### Using an Offline Grype Database +```bash +# Start the offline Grype-DB server (using docker) +docker run --rm -p8080:8080 quay.io/kubescape/grype-offline-db:v6-latest + +# Scan an image using the offline database: +kubescape scan image --grype-db-url http://localhost:8080/databases/ nginx:latest +``` + ### Auto-Fix Automatically fix misconfigurations in your manifest files: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/cmd/patch/patch.go new/kubescape-4.0.3/cmd/patch/patch.go --- old/kubescape-4.0.2/cmd/patch/patch.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/cmd/patch/patch.go 2026-03-15 20:46:26.000000000 +0100 @@ -80,6 +80,7 @@ patchCmd.PersistentFlags().StringVarP(&scanInfo.FailThresholdSeverity, "severity-threshold", "s", "", "Severity threshold is the severity of a vulnerability at which the command fails and returns exit code 1") patchCmd.PersistentFlags().BoolVarP(&useDefaultMatchers, "use-default-matchers", "", true, "Use default matchers (true) or CPE matchers (false) for image scanning") + patchCmd.PersistentFlags().StringVar(&scanInfo.ListingURL, "grype-db-url", "", "Grype vulnerability database URL") return patchCmd } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/cmd/scan/scan.go new/kubescape-4.0.3/cmd/scan/scan.go --- old/kubescape-4.0.2/cmd/scan/scan.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/cmd/scan/scan.go 2026-03-15 20:46:26.000000000 +0100 
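Review bot: The help text for the new `--grype-db-url` flag in cmd/patch/patch.go says only "Grype vulnerability database URL"; it does not say that the value replaces the default database source or which schemes are accepted. The identical string is registered in cmd/scan/scan.go. Since this flag decides where the vulnerability data comes from, I would spell it out, e.g. `"Grype vulnerability database URL (http or https); overrides the default database source"`. The enclosing function starts outside the hunk.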
@@ -94,6 +94,7 @@ scanCmd.PersistentFlags().BoolVarP(&scanInfo.ScanImages, "scan-images", "", false, "Scan resources images") scanCmd.PersistentFlags().BoolVarP(&scanInfo.UseDefaultMatchers, "use-default-matchers", "", true, "Use default matchers (true) or CPE matchers (false) for image scanning") scanCmd.PersistentFlags().StringSliceVar(&scanInfo.LabelsToCopy, "labels-to-copy", nil, "Labels to copy from workloads to scan reports for easy identification. e.g: --labels-to-copy=app,team,environment") + scanCmd.PersistentFlags().StringVar(&scanInfo.ListingURL, "grype-db-url", "", "Grype vulnerability database URL") scanCmd.PersistentFlags().MarkDeprecated("fail-threshold", "use '--compliance-threshold' flag instead. Flag will be removed at 1.Dec.2023") scanCmd.PersistentFlags().MarkDeprecated("create-account", "Create account is no longer supported. In case of a missing Account ID and a configured backend server, a new account id will be generated automatically by Kubescape. Feel free to contact the Kubescape maintainers for more information.") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/core/cautils/scaninfo.go new/kubescape-4.0.3/core/cautils/scaninfo.go --- old/kubescape-4.0.2/core/cautils/scaninfo.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/core/cautils/scaninfo.go 2026-03-15 20:46:26.000000000 +0100 @@ -143,6 +143,7 @@ LabelsToCopy []string // Labels to copy from workloads to scan reports scanningContext *ScanningContext cleanups []func() + ListingURL string //Grype vulnerability database URL } type Getters struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/core/core/image_scan.go new/kubescape-4.0.3/core/core/image_scan.go --- old/kubescape-4.0.2/core/core/image_scan.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/core/core/image_scan.go 2026-03-15 20:46:26.000000000 +0100 
@@ -165,7 +165,11 @@ func (ks *Kubescape) ScanImage(imgScanInfo *ksmetav1.ImageScanInfo, scanInfo *cautils.ScanInfo) (bool, error) { logger.L().Start(fmt.Sprintf("Scanning image %s...", imgScanInfo.Image)) - distCfg, installCfg, _ := imagescan.NewDefaultDBConfig() + distCfg, installCfg, _, err := imagescan.NewDefaultDBConfig(scanInfo.ListingURL) + if err != nil { + logger.L().StopError(fmt.Sprintf("Invalid Grype database URL '%s': %v", scanInfo.ListingURL, err)) + return false, err + } svc, err := imagescan.NewScanServiceWithMatchers(distCfg, installCfg, imgScanInfo.UseDefaultMatchers) if err != nil { logger.L().StopError(fmt.Sprintf("Failed to initialize image scanner: %s", err)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/core/core/patch.go new/kubescape-4.0.3/core/core/patch.go --- old/kubescape-4.0.2/core/core/patch.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/core/core/patch.go 2026-03-15 20:46:26.000000000 +0100 @@ -48,7 +48,11 @@ logger.L().Start(fmt.Sprintf("Scanning image: %s", patchInfo.Image)) // Setup the scan service - distCfg, installCfg, _ := imagescan.NewDefaultDBConfig() + distCfg, installCfg, _, err := imagescan.NewDefaultDBConfig(scanInfo.ListingURL) + if err != nil { + logger.L().StopError(fmt.Sprintf("Invalid Grype database URL '%s': %v", scanInfo.ListingURL, err)) + return false, err + } svc, err := imagescan.NewScanServiceWithMatchers(distCfg, installCfg, scanInfo.UseDefaultMatchers) if err != nil { logger.L().StopError(fmt.Sprintf("Failed to initialize image scanner: %s", err)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/core/core/scan.go new/kubescape-4.0.3/core/core/scan.go --- old/kubescape-4.0.2/core/core/scan.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/core/core/scan.go 2026-03-15 20:46:26.000000000 +0100 
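Review bot: The new error log in ScanImage interpolates `scanInfo.ListingURL` with `'%s'`, and on this path the value is exactly the input that failed validation, so any control characters or line breaks in it reach the log verbatim. Quoting it keeps the log line intact: `logger.L().StopError(fmt.Sprintf("Invalid Grype database URL %q: %v", scanInfo.ListingURL, err))`. The same line is added in core/core/patch.go (the next hunk) and in core/core/scan.go. Both function bodies continue outside their hunks.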
@@ -249,7 +249,11 @@ } } - distCfg, installCfg, _ := imagescan.NewDefaultDBConfig() + distCfg, installCfg, _, err := imagescan.NewDefaultDBConfig(scanInfo.ListingURL) + if err != nil { + logger.L().StopError(fmt.Sprintf("Invalid Grype database URL '%s': %v", scanInfo.ListingURL, err)) + return + } svc, err := imagescan.NewScanServiceWithMatchers(distCfg, installCfg, scanInfo.UseDefaultMatchers) if err != nil { logger.L().StopError(fmt.Sprintf("Failed to initialize image scanner: %s", err)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/go.mod new/kubescape-4.0.3/go.mod --- old/kubescape-4.0.2/go.mod 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/go.mod 2026-03-15 20:46:26.000000000 +0100 @@ -54,8 +54,8 @@ github.com/sirupsen/logrus v1.9.4 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 - go.opentelemetry.io/otel v1.39.0 - go.opentelemetry.io/otel/metric v1.39.0 + go.opentelemetry.io/otel v1.40.0 + go.opentelemetry.io/otel/metric v1.40.0 golang.org/x/mod v0.31.0 golang.org/x/sync v0.19.0 golang.org/x/term v0.38.0 @@ -545,10 +545,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0 // indirect go.opentelemetry.io/otel/log v0.13.0 // indirect - go.opentelemetry.io/otel/sdk v1.39.0 // indirect + go.opentelemetry.io/otel/sdk v1.40.0 // indirect go.opentelemetry.io/otel/sdk/log v0.13.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect - go.opentelemetry.io/otel/trace v1.39.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect + go.opentelemetry.io/otel/trace v1.40.0 // indirect go.opentelemetry.io/proto/otlp v1.9.0 // indirect go.uber.org/mock v0.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect 
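Review bot: In core/core/scan.go a rejected `--grype-db-url` ends in a bare `return` after `StopError`, whereas the parallel sites in image_scan.go and patch.go hand the error back with `return false, err`. From the hunk alone it looks as if image scanning is skipped while the surrounding scan carries on, so a mistyped URL could yield a report without image vulnerabilities that still looks complete; whether the caller has another signal is not visible here. If this function cannot return an error, I would validate the URL once where the flag is parsed so this path is never reached with a bad value, and mark the site with a comment such as `// image scanning is skipped when the Grype DB URL is invalid; results will not include image vulnerabilities`. The enclosing function starts and ends outside the hunk.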
@@ -562,7 +562,7 @@ golang.org/x/image v0.25.0 // indirect golang.org/x/net v0.48.0 // indirect golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sys v0.39.0 // indirect + golang.org/x/sys v0.40.0 // indirect golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.14.0 // indirect golang.org/x/tools v0.40.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/go.sum new/kubescape-4.0.3/go.sum --- old/kubescape-4.0.2/go.sum 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/go.sum 2026-03-15 20:46:26.000000000 +0100 @@ -2494,8 +2494,8 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/contrib/instrumentation/runtime v0.62.0 h1:ZIt0ya9/y4WyRIzfLC8hQRRsWg0J9M9GyaGtIMiElZI= go.opentelemetry.io/contrib/instrumentation/runtime v0.62.0/go.mod h1:F1aJ9VuiKWOlWwKdTYDUp1aoS0HzQxg38/VLxKmhm5U= -go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= -go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= +go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.13.0 h1:zUfYw8cscHHLwaY8Xz3fiJu+R59xBnkgq2Zr1lwmK/0= 
@@ -2520,18 +2520,18 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0/go.mod h1:tx8OOlGH6R4kLV67YaYO44GFXloEjGPZuMjEkaaqIp4= go.opentelemetry.io/otel/log v0.13.0 h1:yoxRoIZcohB6Xf0lNv9QIyCzQvrtGZklVbdCoyb7dls= go.opentelemetry.io/otel/log v0.13.0/go.mod h1:INKfG4k1O9CL25BaM1qLe0zIedOpvlS5Z7XgSbmN83E= -go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= -go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= -go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= -go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= +go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= +go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= +go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= go.opentelemetry.io/otel/sdk/log v0.13.0 h1:I3CGUszjM926OphK8ZdzF+kLqFvfRY/IIoFq/TjwfaQ= go.opentelemetry.io/otel/sdk/log v0.13.0/go.mod h1:lOrQyCCXmpZdN7NchXb6DOZZa1N5G1R2tm5GMMTpDBw= go.opentelemetry.io/otel/sdk/log/logtest v0.13.0 h1:9yio6AFZ3QD9j9oqshV1Ibm9gPLlHNxurno5BreMtIA= go.opentelemetry.io/otel/sdk/log/logtest v0.13.0/go.mod h1:QOGiAJHl+fob8Nu85ifXfuQYmJTFAvcrxL6w5/tu168= -go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= -go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= -go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= -go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= +go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod 
h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= +go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= +go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -2910,8 +2910,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/httphandler/go.mod new/kubescape-4.0.3/httphandler/go.mod --- old/kubescape-4.0.2/httphandler/go.mod 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/httphandler/go.mod 2026-03-15 20:46:26.000000000 +0100 
@@ -21,14 +21,14 @@ github.com/spf13/viper v1.21.0 github.com/stretchr/testify v1.11.1 go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.45.0 - go.opentelemetry.io/otel v1.39.0 + go.opentelemetry.io/otel v1.40.0 k8s.io/apimachinery v0.35.0 k8s.io/client-go v0.35.0 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 ) require ( - go.opentelemetry.io/otel/trace v1.39.0 + go.opentelemetry.io/otel/trace v1.40.0 go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.1 // indirect golang.org/x/crypto v0.46.0 // indirect @@ -549,10 +549,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0 // indirect go.opentelemetry.io/otel/log v0.13.0 // indirect - go.opentelemetry.io/otel/metric v1.39.0 // indirect - go.opentelemetry.io/otel/sdk v1.39.0 // indirect + go.opentelemetry.io/otel/metric v1.40.0 // indirect + go.opentelemetry.io/otel/sdk v1.40.0 // indirect go.opentelemetry.io/otel/sdk/log v0.13.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect go.opentelemetry.io/proto/otlp v1.9.0 // indirect go.uber.org/mock v0.6.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect @@ -561,7 +561,7 @@ go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect golang.org/x/image v0.25.0 // indirect golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.39.0 // indirect + golang.org/x/sys v0.40.0 // indirect golang.org/x/term v0.38.0 // indirect golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.14.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/httphandler/go.sum new/kubescape-4.0.3/httphandler/go.sum --- old/kubescape-4.0.2/httphandler/go.sum 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/httphandler/go.sum 2026-03-15 20:46:26.000000000 +0100 
@@ -2492,8 +2492,8 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/contrib/instrumentation/runtime v0.62.0 h1:ZIt0ya9/y4WyRIzfLC8hQRRsWg0J9M9GyaGtIMiElZI= go.opentelemetry.io/contrib/instrumentation/runtime v0.62.0/go.mod h1:F1aJ9VuiKWOlWwKdTYDUp1aoS0HzQxg38/VLxKmhm5U= -go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= -go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= +go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.13.0 h1:zUfYw8cscHHLwaY8Xz3fiJu+R59xBnkgq2Zr1lwmK/0= 
@@ -2518,18 +2518,18 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0/go.mod h1:tx8OOlGH6R4kLV67YaYO44GFXloEjGPZuMjEkaaqIp4= go.opentelemetry.io/otel/log v0.13.0 h1:yoxRoIZcohB6Xf0lNv9QIyCzQvrtGZklVbdCoyb7dls= go.opentelemetry.io/otel/log v0.13.0/go.mod h1:INKfG4k1O9CL25BaM1qLe0zIedOpvlS5Z7XgSbmN83E= -go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= -go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= -go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= -go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= +go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= +go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= +go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= go.opentelemetry.io/otel/sdk/log v0.13.0 h1:I3CGUszjM926OphK8ZdzF+kLqFvfRY/IIoFq/TjwfaQ= go.opentelemetry.io/otel/sdk/log v0.13.0/go.mod h1:lOrQyCCXmpZdN7NchXb6DOZZa1N5G1R2tm5GMMTpDBw= go.opentelemetry.io/otel/sdk/log/logtest v0.13.0 h1:9yio6AFZ3QD9j9oqshV1Ibm9gPLlHNxurno5BreMtIA= go.opentelemetry.io/otel/sdk/log/logtest v0.13.0/go.mod h1:QOGiAJHl+fob8Nu85ifXfuQYmJTFAvcrxL6w5/tu168= -go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= -go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= -go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= -go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= +go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod 
h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= +go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= +go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -2908,8 +2908,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/pkg/imagescan/imagescan.go new/kubescape-4.0.3/pkg/imagescan/imagescan.go --- old/kubescape-4.0.2/pkg/imagescan/imagescan.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/pkg/imagescan/imagescan.go 2026-03-15 20:46:26.000000000 +0100 @@ -4,6 +4,7 @@ "context" "errors" "fmt" + "net/url" "path/filepath" "strings" 
@@ -25,6 +26,7 @@ "github.com/anchore/grype/grype/vulnerability" "github.com/anchore/stereoscope/pkg/image" "github.com/anchore/syft/syft" + "github.com/kubescape/go-logger" "github.com/kubescape/kubescape/v3/core/cautils" ) @@ -42,16 +44,34 @@ return c.Username == "" || c.Password == "" } -func NewDefaultDBConfig() (distribution.Config, installation.Config, bool) { +func NewDefaultDBConfig(grypeURL string) (distribution.Config, installation.Config, bool, error) { dir := filepath.Join(xdg.CacheHome, defaultDBDirName) - url := defaultGrypeListingURL + finalURL := defaultGrypeListingURL + if grypeURL != "" { + logger.L().Info(fmt.Sprintf("Using custom Grype database URL: %s", grypeURL)) + parsed, err := url.ParseRequestURI(grypeURL) + if err != nil { + return distribution.Config{}, installation.Config{}, false, err + } + + if parsed.Host == "" { + return distribution.Config{}, installation.Config{}, false, fmt.Errorf("invalid grype DB URL: missing host") + } + + if parsed.Scheme != "https" && parsed.Scheme != "http" { + return distribution.Config{}, installation.Config{}, false, fmt.Errorf("invalid scheme: %s", parsed.Scheme) + } + + finalURL = grypeURL + } + shouldUpdate := true return distribution.Config{ - LatestURL: url, + LatestURL: finalURL, }, installation.Config{ DBRootDir: dir, - }, shouldUpdate + }, shouldUpdate, nil } func getMatchers(useDefaultMatchers bool) []match.Matcher { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubescape-4.0.2/pkg/imagescan/imagescan_test.go new/kubescape-4.0.3/pkg/imagescan/imagescan_test.go --- old/kubescape-4.0.2/pkg/imagescan/imagescan_test.go 2026-02-18 14:50:46.000000000 +0100 +++ new/kubescape-4.0.3/pkg/imagescan/imagescan_test.go 2026-03-15 20:46:26.000000000 +0100 
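Review bot: `NewDefaultDBConfig` accepts `http` as well as `https`, so with a non-loopback host the vulnerability database is fetched over an unauthenticated channel, and anyone able to alter that traffic may be able to influence what the scanner reports. Whether grype checks the download against anything not served from the same URL is not visible here. I would keep `http` for the local mirror case the README shows but warn on it, e.g. `logger.L().Warning("grype DB URL uses plain http; database integrity depends on the network path")`. The `Info` line also prints `grypeURL` before it is parsed, including any userinfo part; moving it after the checks and logging `parsed.Redacted()` avoids that. The parse error is returned bare, and `fmt.Errorf("invalid grype DB URL: %w", err)` would match the wording of the missing-host error.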
@@ -176,7 +176,7 @@ func TestNewScanServiceWithMatchersIntegration(t *testing.T) { // Test the actual NewScanServiceWithMatchers function - distCfg, installCfg, _ := NewDefaultDBConfig() + distCfg, installCfg, _, _ := NewDefaultDBConfig("") // Test with default matchers enabled svcWithDefault, err := NewScanServiceWithMatchers(distCfg, installCfg, true) ++++++ kubescape.obsinfo ++++++ --- /var/tmp/diff_new_pack.YMXLEX/_old 2026-03-18 16:52:39.922417762 +0100 +++ /var/tmp/diff_new_pack.YMXLEX/_new 2026-03-18 16:52:39.934418257 +0100 @@ -1,5 +1,5 @@ name: kubescape -version: 4.0.2 -mtime: 1771422646 -commit: 9aba8e4534913808434e9bd1d8981f6e7fc17e8d +version: 4.0.3 +mtime: 1773603986 +commit: b79488dca6a1e1dc3a1c602de082b0de47a32d91 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubescape/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubescape.new.8177/vendor.tar.gz differ: char 127, line 1
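Review bot: The updated call in TestNewScanServiceWithMatchersIntegration drops the new error result with `_`, and no test in this diff exercises the validation branches added to NewDefaultDBConfig (parse failure, missing host, scheme other than http/https). A small table test would pin them, for instance `if _, _, _, err := NewDefaultDBConfig("ftp://example.com/db"); err == nil { t.Fatal("expected scheme error") }`, plus a case asserting that a valid URL ends up in `distCfg.LatestURL`. The test function continues outside the hunk.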
