Merge pull request #9 from DelusionalOptimist/adding-control-list

chore: add control info; fix: generation time
accuknox · Apr 24, 2024 · 35c6335 · 35c6335
2 parents 46dd899 + a116065
commit 35c6335
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/accuknox-kubescape-job/templates/configmap.yaml b/accuknox-kubescape-job/templates/configmap.yaml
@@ -7,14 +7,27 @@ data:
   augment-and-push-results.sh: |
     #! /bin/env bash
 
+    # get all controls
+    jq -s 'map(.controls[]) | unique_by(.controlID) | .[]' /data/kubescape-cache/allcontrols.json \
+      /data/kubescape-cache/clusterscan.json \
+      /data/kubescape-cache/mitre.json /data/kubescape-cache/nsa.json > /data/controllist.json
+
+    export GENERATION_TIME=`date --utc --iso-8601=s`
+
+    # augment result
     cat <<< $(jq ". +=
       {
+        "generationTime": "'$ENV.GENERATION_TIME'",
+        "summary": {
+          "controls": "'$controllist'"
+        },
         "accuknox_metadata": {
-          "cluster_name":"'$ENV.CLUSTER_NAME'",
-          "label_name":"'$ENV.LABEL_NAME'"
+          "cluster_name": "'$ENV.CLUSTER_NAME'",
+          "label_name": "'$ENV.LABEL_NAME'"
         }
-      }" /data/report.json) > /data/report.json
+      }" /data/report.json --slurpfile controllist /data/controllist.json) > /data/report.json
 
+    # push
     curl --location --request POST \
     --header "Authorization: Bearer ${AUTH_TOKEN}" \
     --header "Tenant-Id: ${TENANT_ID}" \

diff --git a/accuknox-kubescape-job/templates/cronjob.yaml b/accuknox-kubescape-job/templates/cronjob.yaml
@@ -18,7 +18,7 @@ spec:
           initContainers:
             - name: kubescape-init
               image: "{{ .Values.kubescape.image.repository }}:{{ if ne .Values.kubescape.image.tag "" }}{{ .Values.kubescape.image.tag }}{{ else }}v{{ .Chart.AppVersion }}{{ end }}"
-              args: ["scan", "--format", "json", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"]
+              args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"]
               env:
                 - name: CLUSTER_NAME
                   value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }}