kubescape report #7060

Closed
iman4000 opened this issue Nov 1, 2022 · 19 comments

Comments

@iman4000

iman4000 commented Nov 1, 2022

kubescape
Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.

Sample File
It supports JSON and JUnit XML format files.

@mtesauro
Contributor

mtesauro commented Nov 1, 2022

Do you have an example output file from that tool that you can share? It can be of something that isn't 'real' or feel free to anonymize the data in an example file. That's a crucial part of adding support for a tool in DefectDojo.

Ideally, you could add the example file to this repo: https://github.com/DefectDojo/sample-scan-files, or adding it to this issue works as well.

@iman4000
Author

iman4000 commented Nov 2, 2022

Sure!
I used this command to make the sample result:
kubescape scan https://github.com/kubescape/kubescape --format json --format-version=v2 --output results.json
and I made a pull request for its result in JSON format in the sample-scan-files repo.

@mtesauro
Contributor

mtesauro commented Nov 2, 2022

Saw the PR and just merged it. Thanks!

@damiencarol @Maffooch Thoughts on this new parser?

Sample file is here: https://github.com/DefectDojo/sample-scan-files/blob/master/kubescape.json

@mschmieder

Any update on this parser? We would love to have the results integrated in our dojo as well.

@damiencarol damiencarol self-assigned this Feb 1, 2023
@damiencarol
Contributor

Taking this one, should be fun as it seems to be a meta format.

@reddybhaskarvengala

Hi @damiencarol any update on this parser?

@teyhouse

teyhouse commented Dec 7, 2023

bump - Hi @damiencarol any updates on this? Would be extremely helpful to have this.
Maybe as an early Christmas gift or the last good deed this year? :D

Thanks!

@Hoffi-Flex

Yeah, this would be awesome to have!

@manuel-sommer
Contributor

I am in the process of implementing the parser. Could you give me more info?

  • I need a sample file with 0 findings
  • Can you always find the same resourceIDs in both results and resources?

manuel-sommer added a commit to manuel-sommer/django-DefectDojo that referenced this issue Jan 28, 2024
@manuel-sommer
Contributor

I took the liberty of implementing this @damiencarol as there has been no response for about a year.

@manuel-sommer
Contributor

I am in the process of implementing the parser. Could you give me more info?

  • I need a sample file with 0 findings
  • Can you always find the same resourceIDs in both results and resources?

@teyhouse @Hoffi-Flex if you provide the mentioned information fast, we might get this PR into the next release in February.

@teyhouse

teyhouse commented Jan 28, 2024

kubescape.zip
@manuel-sommer Hopefully this will help you. results.json is an example of a scanned nginx.yaml done this way:
kubescape scan nginx.yaml --format json --format-version v2 --output results.json

I guess you want to check for failedResources, which is 0 for all test cases. I have also attached a version with failures ("failedResources":1), called results_with_failure.json.
I don't know much about the resource IDs, as they should not matter if you scan your Kubernetes YAMLs before you deploy them (I have not scanned within a running K8s cluster).

Thank you for taking this further.

@manuel-sommer
Contributor

Thank you.
Another question @teyhouse:
Some controls do not have a severity attached. By default the severity of Kubescape is Low, Medium, High. It is referred to with scores 1 to 3.
Should we do the mapping like this:

  • No severity --> Info
  • score 1 --> Low
  • score 2 --> Medium
  • score 3 --> High

or like this:

  • No severity --> Low
  • score 1 --> Medium
  • score 2 --> High
  • score 3 --> Critical

@teyhouse

teyhouse commented Jan 28, 2024

@manuel-sommer
Thanks for the fast reply. I think that sounds like a good idea, let's do it like you proposed (first version).

@manuel-sommer
Contributor

You can test the PR @teyhouse

@teyhouse

> You can test the PR @teyhouse

I will see if that is possible during the next couple of days. Since I am deploying on Kubernetes, I would need to build a new image version with your PR. Maybe with a local test instance; let me see once I get to it.

@teyhouse

@manuel-sommer

I just did some testing, looks good in general. Please have a look at the attached screenshots: finding_detail, finding_list, finding_list_hover, finding_list_info.

finding_list_info.png => imported from results.json with zero findings, works as expected
finding_list.png => imported from results_results_with_failure.json, works as expected

The only thing that could be improved is the naming of the findings, it's too long.
Maybe you can shorten it to the C-codes? Check finding_list_hover.png for an example.
So the name would not be Path=966824446/api=apps/v1//Deployment/nginx-Deployment_C-0014 but instead just C-0014.

Thanks!
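The two decisions settled above, the "first version" severity mapping (no severity → Info, scores 1 to 3 → Low/Medium/High) and titling findings by their control ID rather than the full resource path, can be sketched as a small importer. This is an added example, not the DefectDojo parser from the PR; the report shape (top-level results and resources lists joined on resourceID, controls with controlID, a score field and status.status) and the sample documents are constructed here and assumed, not copied from a real Kubescape v2 output.

```python
import json

# Mapping agreed in the thread ("first version"): missing severity -> Info,
# Kubescape score 1..3 -> Low/Medium/High.
SEVERITY_BY_SCORE = {None: "Info", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the assumed shape of a `--format-version v2` report
# (field names are assumptions, not taken from a real scan).
SAMPLE_WITH_FAILURE = json.dumps({
    "resources": [{"resourceID": "path=1/api=apps/v1//Deployment/nginx",
                   "object": {"kind": "Deployment", "metadata": {"name": "nginx"}}}],
    "results": [{"resourceID": "path=1/api=apps/v1//Deployment/nginx",
                 "controls": [
                     {"controlID": "C-0014", "name": "Access Kubernetes dashboard",
                      "score": 2, "status": {"status": "failed"}},
                     {"controlID": "C-0001", "name": "Forbidden Container Registries",
                      "score": None, "status": {"status": "failed"}},
                     {"controlID": "C-0002", "name": "Exec into container",
                      "score": 3, "status": {"status": "passed"}}]}],
})
# Constructed "0 findings" sample, as requested in the thread.
SAMPLE_CLEAN = json.dumps({"resources": [], "results": []})


def severity_for(score):
    """Map a Kubescape score (1..3) to a DefectDojo severity; unknown -> Info."""
    return SEVERITY_BY_SCORE.get(score, "Info")


def parse_kubescape(raw):
    """Return one finding dict per *failed* control, titled by its control ID."""
    doc = json.loads(raw)
    # Join results to resources on resourceID so the description can name the
    # object (kind/name); the join degrades to "?" if an ID is missing.
    by_id = {r["resourceID"]: r.get("object", {}) for r in doc.get("resources", [])}
    findings = []
    for result in doc.get("results", []):
        obj = by_id.get(result["resourceID"], {})
        where = f'{obj.get("kind", "?")}/{obj.get("metadata", {}).get("name", "?")}'
        for ctl in result.get("controls", []):
            if ctl.get("status", {}).get("status") != "failed":
                continue  # only failed controls become findings (failedResources > 0)
            findings.append({
                "title": ctl["controlID"],  # short C-code, not the full resource path
                "severity": severity_for(ctl.get("score")),
                "description": f'{ctl.get("name", "")} on {where}',
            })
    return findings
```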

@manuel-sommer
Contributor

Done

cneill pushed a commit that referenced this issue Jan 31, 2024
* ✨ add kubescape, #7060

* add severity

* add title and description

* flake8 and unittest update

* ready to review

* Update kubescape.md

* Update parser.py
@manuel-sommer
Contributor

This can be closed @mtesauro

@cneill cneill closed this as completed Jan 31, 2024