Scan multiple files at once

[danthegoodman1]

ISSUE TYPE

• Feature Idea

BUG REPORT

SUMMARY

It would be great if there was a way to pass multiple files to kubeaudit so that it could do many at once, specifically for the docker container

ENVIRONMENT

• latest docker version

Proposal:

Being able to run a command like:
docker run -v $(pwd):/app shopify/kubeaudit all -f /app/*.y\*ml
would be sublime. The above command spits out:

time="2021-05-25T14:45:41Z" level=fatal msg="Error opening manifest file" error="open /app/*.y\\*ml): no such file or directory"

If I manually pass multiple files in with working paths that I've tested individually, it only scans the first file, all others are ignored.

[ghost]

Thanks for opening your first issue here! Be sure to follow the issue template!

[dani-santos-code]

Thanks for your suggestion @danthegoodman1. The team will triage this issue in the next meeting. Also, feel free to open a PR if you have time/want to contribute! :)

[genevieveluyt]

Agreed that support for multiple files would be really awesome. We've thought about implementing this before but got kind of stuck choosing the right approach. We could either

1. Include the filename in each result (in the metadata)
   Pro: This wouldn't change any exposed structures since the metadata where we would be adding the filename is just a map that can contain any data
   Con: Results from the same file wouldn't necessarily be grouped together
   Con: We would need to pass the filename around through a lot of the codebase, or modify results at the end by inserting the filename

2. Run the audit (as it works currently) for each file in the provided glob / directory and group the results by filename
   Pro: Results from the same file would be grouped together
   Pro: This would require very little change to the code since it would happen at basically the entrypoint
   Con: This would be a breaking change for both the package and for any programs consuming the JSON output

We could potentially get around the the con for option 2 by

1. Providing a new function in the package like AuditGlob that returns results in the new structure (eg. a map where the key is the filename and the value is an array of results)
2. For the cli, if the param passed into -f is a file, produce results as they are today, or if it's a glob / directory, group results by filename. This might result in kind of confusing behaviour, so a separate flag for like group-by-filename might be better?

[nobletrout]

a cheap solution is to use xargs, for example
ls *.yaml | xargs kubeaudit all -f

[MikeDevresse]

I've come up with this if someone need, it finds all files recursively. This might be useful for CI for example.
find ./ | grep .yaml | xargs -I{} -d'\n' kubeaudit all -f {}