Release v0.1.25

@github-actions github-actions released this 14 Jun 15:47
· 344 commits to main since this release
d7dc27c

Overview

Ticket: https://cyberarmor-io.atlassian.net/browse/SUB-1443

This PR adds support for scanning images from container registries which require authentication.
Up until now, this was only possible for scanning images at the registry, but not for image scanning within a cluster.

Before sending the scan command, we look for all registry scan secrets (those which start with kubescape-registry-scan) and look for a match with the ImageTag (a strings.Contains comparison). In such a case, we add the credentials to the websocket command for kubevuln.


The documentation describes how to create such a secret if it does not exist: https://hub.armosec.io/docs/registry-vulnerability-scan

An example secret:

kind: Secret
apiVersion: v1
metadata:
  name: kubescape-registry-scan-my-acr-secret
  namespace: kubescape
type: Opaque
stringData:
  registriesAuth: |
    [
      {
        "registry": "myrepo.azurecr.io",
        "username": "<username/clientID>",
        "password": "<password/secret>",
        "auth_method": "credentials"
      }
    ]
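
The matching step described above, as an added example in Go that is not the project's own code: it parses a registriesAuth value in the format shown on this page and compares the strings.Contains selection with a host-equality check, because a substring comparison also matches an image reference in which the registry name appears in the repository path. The names ParseRegistriesAuth, Match and HostEquals, the sample credentials and the image references are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// RegistryAuth is one entry of the secret's registriesAuth JSON array.
type RegistryAuth struct {
	Registry   string `json:"registry"`
	Username   string `json:"username"`
	Password   string `json:"password"`
	AuthMethod string `json:"auth_method"`
}

// sampleAuth is constructed sample data in the format shown on this page.
const sampleAuth = `[{"registry":"myrepo.azurecr.io","username":"example-user","password":"example-password","auth_method":"credentials"}]`

// ParseRegistriesAuth decodes a registriesAuth value (hypothetical helper).
func ParseRegistriesAuth(raw string) (auths []RegistryAuth, err error) {
	err = json.Unmarshal([]byte(raw), &auths)
	return
}

// Match returns the first entry whose registry is accepted by ok, or nil.
func Match(image string, auths []RegistryAuth, ok func(image, registry string) bool) *RegistryAuth {
	for i := range auths {
		if auths[i].Registry != "" && ok(image, auths[i].Registry) {
			return &auths[i]
		}
	}
	return nil
}

// HostEquals is a stricter check (hypothetical, not the project's): the text
// before the first "/" of the image reference must equal the registry name.
func HostEquals(image, registry string) bool {
	host, _, found := strings.Cut(image, "/")
	return found && strings.EqualFold(host, registry)
}

func main() {
	auths, _ := ParseRegistriesAuth(sampleAuth)
	// Constructed image references: one on the registry, one on another host.
	for _, img := range []string{"myrepo.azurecr.io/team/app:1.0", "registry.example.test/myrepo.azurecr.io/app:1.0"} {
		fmt.Println(img, Match(img, auths, strings.Contains) != nil, Match(img, auths, HostEquals) != nil)
	}
}
```

Passing strings.Contains as the comparison reproduces the substring match described in the release note; passing HostEquals attaches credentials only when the reference's host is the configured registry.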