Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: introduce --exclude-owned flag to exclude K8S Resources with Owner References #5059

Merged
merged 2 commits into from
Aug 31, 2023
Merged

feat: introduce --exclude-owned flag to exclude K8S Resources with Owner References #5059

merged 2 commits into from
Aug 31, 2023

Conversation

thapabishwa
Copy link
Contributor

@thapabishwa thapabishwa commented Aug 29, 2023
edited by chen-keinan
Loading

Description

This PR introduces the --exclude-owned flag to the Kubernetes resource handling. The purpose of this flag is to allow exclusion of Kubernetes objects that have an owner reference. This can be useful when we want to filter out resources that are managed or owned by other objects.

Use cases

  • Exclude Kubernetes artifacts that have owner references from being scanned. When --exclude-owner is enabled, this flag streamlines scanning by skipping resources that are managed by higher-level controllers.

Before

trivy k8s pods,rs,statefulsets,deployments,daemonsets,jobs,cronjobs --report=summary --scanners config --all-namespaces
Workload Assessment
┌──────────────┬───────────────────────────────────────────────┬─────────────────────┐
│  Namespace   │                   Resource                    │  Misconfigurations  │
│              │                                               ├───┬───┬────┬────┬───┤
│              │                                               │ C │ H │ M  │ L  │ U │
├──────────────┼───────────────────────────────────────────────┼───┼───┼────┼────┼───┤
│ kube-system  │ Pod/ebs-csi-node-pjml9                        │   │ 1 │ 10 │ 20 │   │
│ kube-system  │ DaemonSet/ebs-csi-node                        │   │ 1 │ 10 │ 20 │   │
│ kube-system  │ Deployment/coredns                            │   │   │ 3  │ 5  │   │
│ kube-system  │ DaemonSet/aws-for-fluent-bit                  │   │   │ 4  │ 8  │   │
│ kube-system  │ ReplicaSet/coredns-66dddcb88c                 │   │   │ 3  │ 5  │   │
│ kube-system  │ DaemonSet/kube-proxy                          │   │ 2 │ 4  │ 10 │   │
│ kube-system  │ Deployment/ebs-csi-controller                 │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/aws-node-9f6mb                            │   │ 4 │ 8  │ 19 │   │
│ kube-system  │ DaemonSet/aws-node                            │   │ 2 │ 8  │ 20 │   │
│ kube-system  │ Pod/ebs-csi-controller-846b7ddddb-nj6ks       │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/ebs-csi-controller-846b7ddddb-tbl88       │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/kube-proxy-mp45r                          │   │ 2 │ 4  │ 10 │   │
│ kube-system  │ Pod/coredns-655c69d4f4-kmx6c                  │   │   │ 3  │ 5  │   │
│ kube-system  │ ReplicaSet/coredns-655c69d4f4                 │   │   │ 3  │ 5  │   │
│ kube-system  │ Pod/aws-for-fluent-bit-m46xg                  │   │   │ 4  │ 8  │   │
│ kube-system  │ ReplicaSet/ebs-csi-controller-846b7ddddb      │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/coredns-655c69d4f4-fg82d                  │   │   │ 3  │ 5  │   │
│ default      │ ReplicaSet/nginx-55875d95fd                   │   │   │ 3  │ 11 │   │
│ default      │ Pod/myteam-mytest-cluster5-1                  │   │   │ 3  │ 7  │   │
│ default      │ StatefulSet/myteam-mytest-cluster5            │   │   │ 3  │ 7  │   │
│ default      │ ReplicaSet/nginx-7dc58f44b5                   │   │   │ 3  │ 11 │   │
│ default      │ Pod/web-1                                     │   │   │ 3  │ 11 │   │
│ default      │ Pod/my-pod                                    │   │   │ 4  │ 11 │   │
│ default      │ Deployment/nginx                              │   │   │ 3  │ 11 │   │
│ default      │ Pod/frontend-82hnn                            │   │   │ 3  │ 11 │   │
│ default      │ ReplicaSet/frontend                           │   │   │ 3  │ 11 │   │
│ default      │ Deployment/postgres-operator-ui               │   │   │ 3  │ 7  │   │
│ default      │ Pod/nginx-5d56f7cc56-rj5tk                    │   │   │ 3  │ 11 │   │
│ default      │ Pod/myteam-mytest-cluster5-0                  │   │   │ 3  │ 7  │   │
│ default      │ ReplicaSet/nginx-5d56f7cc56                   │   │   │ 3  │ 11 │   │
│ default      │ ReplicaSet/postgres-operator-ui-7cf5759697    │   │   │ 3  │ 7  │   │
│ default      │ Pod/frontend-rkwww                            │   │   │ 3  │ 11 │   │
│ default      │ Pod/web-0                                     │   │   │ 3  │ 11 │   │
│ default      │ Pod/postgres-operator-5c884976b6-bbj7m        │   │   │ 1  │ 6  │   │
│ default      │ StatefulSet/web                               │   │   │ 3  │ 11 │   │
│ default      │ Pod/postgres-operator-ui-7cf5759697-hrlst     │   │   │ 3  │ 7  │   │
│ default      │ Pod/frontend-8jw4h                            │   │   │ 3  │ 11 │   │
│ default      │ ReplicaSet/postgres-operator-5c884976b6       │   │   │ 1  │ 6  │   │
│ default      │ Deployment/postgres-operator                  │   │   │ 1  │ 6  │   │
│ cert-manager │ ReplicaSet/cert-manager-cainjector-744bb89575 │   │   │ 1  │ 8  │   │
│ cert-manager │ Deployment/cert-manager                       │   │   │ 1  │ 8  │   │
│ cert-manager │ Pod/cert-manager-webhook-759d6dcbf7-6f4tc     │   │   │ 1  │ 8  │   │
│ cert-manager │ ReplicaSet/cert-manager-webhook-759d6dcbf7    │   │   │ 1  │ 8  │   │
│ cert-manager │ Deployment/cert-manager-webhook               │   │   │ 1  │ 8  │   │
│ cert-manager │ Deployment/cert-manager-cainjector            │   │   │ 1  │ 8  │   │
│ cert-manager │ Pod/cert-manager-cainjector-744bb89575-wrvs9  │   │   │ 1  │ 8  │   │
│ cert-manager │ Pod/cert-manager-69cdc85fc8-lmx5s             │   │   │ 1  │ 8  │   │
│ cert-manager │ ReplicaSet/cert-manager-69cdc85fc8            │   │   │ 1  │ 8  │   │
└──────────────┴───────────────────────────────────────────────┴───┴───┴────┴────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN

After

trivy k8s pods,rs,statefulsets,deployments,daemonsets,jobs,cronjobs --report=summary --scanners config  --all-namespaces --exclude-owned

Workload Assessment
┌──────────────┬────────────────────────────────────┬─────────────────────┐
│  Namespace   │              Resource              │  Misconfigurations  │
│              │                                    ├───┬───┬────┬────┬───┤
│              │                                    │ C │ H │ M  │ L  │ U │
├──────────────┼────────────────────────────────────┼───┼───┼────┼────┼───┤
│ kube-system  │ DaemonSet/aws-node                 │   │ 2 │ 8  │ 20 │   │
│ kube-system  │ Deployment/coredns                 │   │   │ 3  │ 5  │   │
│ kube-system  │ DaemonSet/ebs-csi-node             │   │ 1 │ 10 │ 20 │   │
│ kube-system  │ Deployment/ebs-csi-controller      │   │   │ 5  │ 31 │   │
│ kube-system  │ DaemonSet/aws-for-fluent-bit       │   │   │ 4  │ 8  │   │
│ kube-system  │ DaemonSet/kube-proxy               │   │ 2 │ 4  │ 10 │   │
│ default      │ StatefulSet/web                    │   │   │ 3  │ 11 │   │
│ default      │ Deployment/nginx                   │   │   │ 3  │ 11 │   │
│ default      │ StatefulSet/myteam-mytest-cluster5 │   │   │ 3  │ 7  │   │
│ default      │ Deployment/postgres-operator-ui    │   │   │ 3  │ 7  │   │
│ default      │ Deployment/postgres-operator       │   │   │ 1  │ 6  │   │
│ default      │ Pod/my-pod                         │   │   │ 4  │ 11 │   │
│ default      │ ReplicaSet/frontend                │   │   │ 3  │ 11 │   │
│ cert-manager │ Deployment/cert-manager            │   │   │ 1  │ 8  │   │
│ cert-manager │ Deployment/cert-manager-webhook    │   │   │ 1  │ 8  │   │
│ cert-manager │ Deployment/cert-manager-cainjector │   │   │ 1  │ 8  │   │
└──────────────┴────────────────────────────────────┴───┴───┴────┴────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@CLAassistant
Copy link

CLAassistant commented Aug 29, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@thapabishwa thapabishwa force-pushed the filter-artifact branch 2 times, most recently from 4886b23 to 3712866 Compare August 29, 2023 07:51
chen-keinan
chen-keinan reviewed Aug 29, 2023
View reviewed changes
Copy link
Contributor

@chen-keinan chen-keinan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thapabishwa thank you for the contribution, maybe its best to add the exclude logic in : trivy-kubernetes project here

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 29, 2023
edited
Loading

@thapabishwa thank you for the contribution, maybe its best to add the exclude logic in : trivy-kubernetes project here

Hi @chen-keinan. Thanks for your swift response.

I have concerns about adding these changes to the trivy-kubernetes repository, as it might introduce complications. The proposed approach seems to involve blocking/filter all objects without granting control to the end user, which I believe is a crucial aspect.

For instance, if these changes are integrated into trivy-kubernetes, the output might resemble the following (unless I modify the signature of ListArtifact function):

 trivy k8s pods --report=summary --scanners config -A 
Workload Assessment
┌───────────┬────────────┬────────────────────┐
│ Namespace │  Resource  │ Misconfigurations  │
│           │            ├───┬───┬───┬────┬───┤
│           │            │ C │ H │ M │ L  │ U │
├───────────┼────────────┼───┼───┼───┼────┼───┤
│ default   │ Pod/my-pod │   │   │ 4 │ 11 │   │
└───────────┴────────────┴───┴───┴───┴────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN

However, by choosing to retain the new flag, complete control is handed over to the end user, enabling them to decide what to scan for:

  • Without any filtering
 trivy k8s pods --report=summary --scanners config -A   
Workload Assessment
┌──────────────┬──────────────────────────────────────────────┬─────────────────────┐
│  Namespace   │                   Resource                   │  Misconfigurations  │
│              │                                              ├───┬───┬────┬────┬───┤
│              │                                              │ C │ H │ M  │ L  │ U │
├──────────────┼──────────────────────────────────────────────┼───┼───┼────┼────┼───┤
│ kube-system  │ Pod/aws-for-fluent-bit-m46xg                 │   │   │ 4  │ 8  │   │
│ kube-system  │ Pod/coredns-655c69d4f4-kmx6c                 │   │   │ 3  │ 5  │   │
│ kube-system  │ Pod/ebs-csi-node-pjml9                       │   │ 1 │ 10 │ 20 │   │
│ kube-system  │ Pod/kube-proxy-mp45r                         │   │ 2 │ 4  │ 10 │   │
│ kube-system  │ Pod/ebs-csi-controller-846b7ddddb-tbl88      │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/ebs-csi-controller-846b7ddddb-nj6ks      │   │   │ 5  │ 31 │   │
│ kube-system  │ Pod/aws-node-9f6mb                           │   │ 4 │ 8  │ 19 │   │
│ kube-system  │ Pod/coredns-655c69d4f4-fg82d                 │   │   │ 3  │ 5  │   │
│ default      │ Pod/myteam-mytest-cluster5-1                 │   │   │ 3  │ 7  │   │
│ default      │ Pod/frontend-8jw4h                           │   │   │ 3  │ 11 │   │
│ default      │ Pod/frontend-82hnn                           │   │   │ 3  │ 11 │   │
│ default      │ Pod/my-pod                                   │   │   │ 4  │ 11 │   │
│ default      │ Pod/web-1                                    │   │   │ 3  │ 11 │   │
│ default      │ Pod/postgres-operator-ui-7cf5759697-hrlst    │   │   │ 3  │ 7  │   │
│ default      │ Pod/postgres-operator-5c884976b6-bbj7m       │   │   │ 1  │ 6  │   │
│ default      │ Pod/frontend-rkwww                           │   │   │ 3  │ 11 │   │
│ default      │ Pod/web-0                                    │   │   │ 3  │ 11 │   │
│ default      │ Pod/nginx-5d56f7cc56-rj5tk                   │   │   │ 3  │ 11 │   │
│ default      │ Pod/myteam-mytest-cluster5-0                 │   │   │ 3  │ 7  │   │
│ cert-manager │ Pod/cert-manager-webhook-759d6dcbf7-6f4tc    │   │   │ 1  │ 8  │   │
│ cert-manager │ Pod/cert-manager-cainjector-744bb89575-wrvs9 │   │   │ 1  │ 8  │   │
│ cert-manager │ Pod/cert-manager-69cdc85fc8-lmx5s            │   │   │ 1  │ 8  │   │
└──────────────┴──────────────────────────────────────────────┴───┴───┴────┴────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
  • or, with the filter
 trivy k8s pods --report=summary --scanners config -A  -E
Workload Assessment
┌──────────────┬──────────────────────────────────────────────┬─────────────────────┐
│  Namespace   │                   Resource                   │  Misconfigurations  │
│              │                                              ├───┬───┬────┬────┬───┤
│              │                                              │ C │ H │ M  │ L  │ U │
├──────────────┼──────────────────────────────────────────────┼───┼───┼────┼────┼───┤
│ default      │ Pod/my-pod                                   │   │   │ 4  │ 11 │   │
└──────────────┴──────────────────────────────────────────────┴───┴───┴────┴────┴───┘
Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN

Please let me know your thoughts on it.

@chen-keinan
Copy link
Contributor

chen-keinan commented Aug 29, 2023
edited
Loading

@thapabishwa the flag remain in trivy cli however trivy should be aware to k8s internal notions for example : ownerReferences

one way to do it is to introduce options pattern to client (in trivy-kubernetes project) see below:

type client struct {
	cluster       k8s.Cluster
	namespace     string
	resources     []string
	allNamespaces bool
	logger        *zap.SugaredLogger
	excludeOwned  bool
}

type K8sOption func(*client)

func WithExcludeOwned(excludeOwned bool) K8sOption {
	return func(c *client) {
		c.excludeOwned = excludeOwned
	}
}

// New creates a trivyK8S client
func New(cluster k8s.Cluster, logger *zap.SugaredLogger, opts ...K8sOption) TrivyK8S {
	c := &client{cluster: cluster, logger: logger}
	for _, opt := range opts {
		opt(c)
	}
	return c
}

once you have the flag in client its easy to include you functionality and also will help us in the future to introduce additional options

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 29, 2023
edited
Loading

@thapabishwa the flag remain in trivy cli however trivy should be aware to k8s internal notions for example : ownerReferences

one way to do it is to introduce options pattern to client (in trivy-kubernetes project) see below:

type client struct {
	cluster       k8s.Cluster
	namespace     string
	resources     []string
	allNamespaces bool
	logger        *zap.SugaredLogger
	excludeOwned  bool
}

type K8sOption func(*client)

func WithExcludeOwned(excludeOwned bool) K8sOption {
	return func(c *client) {
		c.excludeOwned = excludeOwned
	}
}

// New creates a trivyK8S client
func New(cluster k8s.Cluster, logger *zap.SugaredLogger, opts ...K8sOption) TrivyK8S {
	c := &client{cluster: cluster, logger: logger}
	for _, opt := range opts {
		opt(c)
	}
	return c
}

once you have the flag in client its easy to include you functionality and also will help us in the future to introduce additional options

Thank you, @chen-keinan.

I've understood the advantages of adding this changes into the trivy-kubernetes repository instead. I will send a PR to that repository and once it's approved and merged I will then proceed to update this code once my work there is finished.

Thank you for your prompt reply.

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 29, 2023
edited
Loading

@chen-keinan

PR on trivy-kubernetes repo
aquasecurity/trivy-kubernetes#214

Pulling it here as I cannot add reviewers on that PR.

@chen-keinan
Copy link
Contributor

chen-keinan commented Aug 29, 2023
edited
Loading

@chen-keinan

PR on trivy-kubernetes repo aquasecurity/trivy-kubernetes#214

Pulling it here as I cannot add reviewers on that PR.

@thapabishwa PR has been approved and merged.
you can use this tag v0.5.7-0.20230829110855-969eb077ad1c to replace trivy-kubernetes in go.mod file.

Note: you'll need to update cli docs after adding new flag :: use this command : mage docs:generate

@thapabishwa-plerionaut
Copy link

@chen-keinan
PR on trivy-kubernetes repo aquasecurity/trivy-kubernetes#214
Pulling it here as I cannot add reviewers on that PR.

@thapabishwa PR has been approved and merged. you can use this tag v0.5.7-0.20230829110855-969eb077ad1c to replace trivy-kubernetes in go.mod file.

Note: you'll need to update cli docs after adding new flag :: use this command : mage docs:generate

Thanks @chen-keinan.

Upgraded trivy-kubernetes to v0.5.7-0.20230829110855-969eb077ad1c and refactored existing code accordingly.

Please let me know what you think about it.

chen-keinan
chen-keinan reviewed Aug 29, 2023
View reviewed changes
pkg/flag/kubernetes_flags.go Outdated Show resolved Hide resolved
pkg/k8s/commands/resource.go Outdated Show resolved Hide resolved
@chen-keinan
Copy link
Contributor

@thapabishwa FYI your PR is depend on #5058 as trivy-kubernetes dependency you used also picked up changes for #5050 pr , this the reason k8s integration test failing

@thapabishwa
Copy link
Contributor Author

@thapabishwa FYI your PR is depend on #5058 as trivy-kubernetes dependency you used also picked up changes for #5050 pr , this the reason k8s integration test failing

Thanks @chen-keinan . Appreciate your feedback. I've addressed to the comments you've made.
Any suggestions to get the k8s integrations fixed so that this PR can be merged without depending on #5058 .

@chen-keinan
Copy link
Contributor

chen-keinan commented Aug 29, 2023
edited
Loading

@thapabishwa FYI your PR is depend on #5058 as trivy-kubernetes dependency you used also picked up changes for #5050 pr , this the reason k8s integration test failing

Thanks @chen-keinan . Appreciate your feedback. I've addressed to the comments you've made. Any suggestions to get the k8s integrations fixed so that this PR can be merged without depending on #5058 .

I'm do not think it can be merged before #5058 as changes to trivy-kubernets lib will impact trivy k8s functionality , fixing the integration test will still keep trivy broken.
no worries merge will happen soon :)

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 29, 2023
edited
Loading

@thapabishwa FYI your PR is depend on #5058 as trivy-kubernetes dependency you used also picked up changes for #5050 pr , this the reason k8s integration test failing

Thanks @chen-keinan . Appreciate your feedback. I've addressed to the comments you've made. Any suggestions to get the k8s integrations fixed so that this PR can be merged without depending on #5058 .

I'm do not think it can be merged before #5058 as changes to trivy-kubernets lib will impact trivy k8s functionality , fixing the integration test will still keep trivy broken. no worries merge will happen soon :)

@chen-keinan I took some time to rethink the changes made to the trivy-kubernetes repository in aquasecurity/trivy-kubernetes#214.

In the current implementation, resources are skipped just if they have ownerRef. I think, this exclusion criteria might not be optimal as resources can be owned by custom resources(like CRDs).

As a consequence, I think it is more sensible to exclude only the resources that are owned by built-in workloads. I've created another PR in trivy-kubernetes to address the short comings aquasecurity/trivy-kubernetes#215.

Please let me know what you think about it.

chen-keinan
chen-keinan previously approved these changes Aug 30, 2023
View reviewed changes
Copy link
Contributor

@chen-keinan chen-keinan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thapabishwa thank you for the contribution lgtm 🚀 .

lets wait for #5019 to get approved and merged (will also solve the integration test issue)

@thapabishwa
Copy link
Contributor Author

@thapabishwa thank you for the contribution lgtm 🚀 .

lets wait for #5019 to get approved and merged (will also solve the integration test issue)

Thanks @chen-keinan. Could you also take a look at aquasecurity/trivy-kubernetes#215? I think it might be beneficial for us to consider aquasecurity/trivy-kubernetes#215 PR before merging the current one.

@chen-keinan
Copy link
Contributor

@thapabishwa thank you for the contribution lgtm 🚀 .
lets wait for #5019 to get approved and merged (will also solve the integration test issue)

Thanks @chen-keinan. Could you also take a look at aquasecurity/trivy-kubernetes#215? I think it might be beneficial for us to consider aquasecurity/trivy-kubernetes#215 PR before merging the current one.

@thapabishwa approved and merged , please update trivy-kubernetes version to v0.5.7-0.20230830053006-95e88d51f82b on go.mod file

@chen-keinan chen-keinan self-requested a review August 30, 2023 06:09
@chen-keinan chen-keinan dismissed their stale review August 30, 2023 06:10

wait until triy-kubernetes v0.5.7-0.20230830053006-95e88d51f82b version is updated on go.mod file

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 30, 2023
edited
Loading

@thapabishwa thank you for the contribution lgtm 🚀 .
lets wait for #5019 to get approved and merged (will also solve the integration test issue)

Thanks @chen-keinan. Could you also take a look at aquasecurity/trivy-kubernetes#215? I think it might be beneficial for us to consider aquasecurity/trivy-kubernetes#215 PR before merging the current one.

@thapabishwa approved and merged , please update trivy-kubernetes version to v0.5.7-0.20230830053006-95e88d51f82b on go.mod file

Hey @chen-keinan. Sorry, I made some mistake on last PR totrivy-kubernetes library.

Please take a look at this PR and let me know what you think about it. aquasecurity/trivy-kubernetes#216

@chen-keinan
Copy link
Contributor

@thapabishwa thank you for the contribution lgtm 🚀 .
lets wait for #5019 to get approved and merged (will also solve the integration test issue)

Thanks @chen-keinan. Could you also take a look at aquasecurity/trivy-kubernetes#215? I think it might be beneficial for us to consider aquasecurity/trivy-kubernetes#215 PR before merging the current one.

@thapabishwa approved and merged , please update trivy-kubernetes version to v0.5.7-0.20230830053006-95e88d51f82b on go.mod file

Hey @chen-keinan. Sorry, I made some mistake on last PR totrivy-kubernetes library.

Please take a look at this PR and let me know what you think about it. aquasecurity/trivy-kubernetes#216

new tag for trivy-kubernetes: v0.5.7-0.20230830063136-fe986af3f10f

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 30, 2023
edited
Loading

v0.5.7-0.20230830063136-fe986af3f10f

@chen-keinan Thanks a lot. Appreciate your support and patience while I addressed the mistakes I made. It means a lot. Updated go.mod to new tag.

@thapabishwa
Copy link
Contributor Author

Rebased onto main to resolve go.mod and go.sum conflicts.

@chen-keinan
Copy link
Contributor

chen-keinan commented Aug 31, 2023
edited
Loading

@thapabishwa Please rebase your branch with upstream and k8s integration test issue will be fixed

@thapabishwa
feat: filter artifacts on --exclude-owned flag
13dcf57 
- filter artifacts using trivy-kubernetes library
- upgrade dependencies
- generate docs
@thapabishwa
Copy link
Contributor Author

@thapabishwa Please rebase your branch with upstream and k8s integration test issue will be fixed

Thanks @chen-keinan . I've rebased the branch onto latest main.

@thapabishwa
Copy link
Contributor Author

thapabishwa commented Aug 31, 2023
edited
Loading

@chen-keinan @knqyf263 . I've addressed to all the comments. Please let me know once this is merged.

@knqyf263 knqyf263 added this pull request to the merge queue Aug 31, 2023
@knqyf263
Copy link
Collaborator

Thanks

Merged via the queue into aquasecurity:main with commit 0c8919e Aug 31, 2023
17 checks passed
@thapabishwa thapabishwa deleted the filter-artifact branch August 31, 2023 11:08
@thapabishwa thapabishwa changed the title feat: filter artifacts on --exclude-owned flag feat: introduce --exclude-owned flag to exclude K8S Resources with Owner References Mar 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chen-keinan chen-keinan chen-keinan approved these changes

@josedonizetti josedonizetti Awaiting requested review from josedonizetti

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: filter artifacts on --exclude-owned flag
5 participants
@thapabishwa @CLAassistant @chen-keinan @thapabishwa-plerionaut @knqyf263