Add Kubernetes controls #725 #728

deepfence · Feb 7, 2023 · 90ef6a6 · 90ef6a6
1 parent 0fa3f81
commit 90ef6a6
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 0 deletions.
diff --git a/deepfence_agent/tools/apache/scope/go.mod b/deepfence_agent/tools/apache/scope/go.mod
@@ -35,6 +35,7 @@ require (
 	github.com/deepfence/df-utils/cloud_metadata v0.0.0-00010101000000-000000000000
 	github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20230123091013-6f8a19aeeb9d
 	github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-00010101000000-000000000000
+	github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206
 	github.com/dustin/go-humanize v1.0.1
 	github.com/fsouza/go-dockerclient v1.9.2
 	github.com/gogo/protobuf v1.3.2

diff --git a/deepfence_agent/tools/apache/scope/go.sum b/deepfence_agent/tools/apache/scope/go.sum
@@ -320,6 +320,8 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206 h1:h3LVyxoMXj7LMPUFsBYprbQpxH79yaTGfu4OxNMm26E=
+github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206/go.mod h1:Hv96hmVBYWdvWG2FC+vbeEPzqIRVRWxlcr6V20O7Q6s=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=

diff --git a/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go b/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go
@@ -2,9 +2,30 @@ package kubernetes
 
 import (
 	ctl "github.com/deepfence/golang_deepfence_sdk/utils/controls"
+	k8sscanner "github.com/deepfence/kubernetes-scanner/scanner/compliance"
+	k8sscannerutil "github.com/deepfence/kubernetes-scanner/util"
 )
 
 func StartComplianceScan(req ctl.StartComplianceScanRequest) error {
+	_, err := k8sscanner.NewComplianceScanner(
+		k8sscannerutil.Config{
+			ManagementConsoleUrl:      "",
+			ManagementConsolePort:     "",
+			DeepfenceKey:              "",
+			ComplianceCheckType:       "",
+			ComplianceBenchmark:       "",
+			CloudProvider:             "",
+			ScanId:                    "",
+			NodeId:                    "",
+			NodeName:                  "",
+			ComplianceResultsFilePath: "",
+			ComplianceStatusFilePath:  "",
+		},
+		"",
+		k8sscannerutil.NsaCisaCheckType)
+	if err != nil {
+		return err
+	}
 	return nil
 }
 

diff --git a/deepfence_worker/go.mod b/deepfence_worker/go.mod
@@ -6,6 +6,12 @@ replace github.com/deepfence/golang_deepfence_sdk/client => ../golang_deepfence_
 
 replace github.com/deepfence/golang_deepfence_sdk/utils => ../golang_deepfence_sdk/utils/
 
+replace github.com/deepfence/df-utils => ../deepfence_agent/tools/apache/deepfence/df-utils
+
+replace github.com/deepfence/df-utils/cloud_metadata => ../deepfence_agent/tools/apache/deepfence/df-utils/cloud_metadata
+
+replace github.com/weaveworks/tcptracer-bpf => ../deepfence_agent/tools/apache/deepfence/tcptracer-bpf
+
 replace github.com/deepfence/package-scanner => github.com/deepfence/package-scanner v1.2.4-0.20230127115739-84aacf6856fa
 
 replace github.com/deepfence/ThreatMapper/deepfence_server => ../deepfence_server/