From 90ef6a6a86ee4007de27a7804a0bd54184367971 Mon Sep 17 00:00:00 2001
From: Ramanan Ravikumar
Date: Tue, 7 Feb 2023 15:44:00 +0530
Subject: [PATCH] Add Kubernetes controls #725 #728
---
 deepfence_agent/tools/apache/scope/go.mod | 1 +
 deepfence_agent/tools/apache/scope/go.sum | 2 ++
 .../apache/scope/probe/kubernetes/controls.go | 21 +++++++++++++++++++
 deepfence_worker/go.mod | 6 ++++++
 4 files changed, 30 insertions(+)
diff --git a/deepfence_agent/tools/apache/scope/go.mod b/deepfence_agent/tools/apache/scope/go.mod
index 91019d0622..5c28397e99 100644
--- a/deepfence_agent/tools/apache/scope/go.mod
+++ b/deepfence_agent/tools/apache/scope/go.mod
@@ -35,6 +35,7 @@ require (
 github.com/deepfence/df-utils/cloud_metadata v0.0.0-00010101000000-000000000000
 github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20230123091013-6f8a19aeeb9d
 github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-00010101000000-000000000000
+ github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206
 github.com/dustin/go-humanize v1.0.1
 github.com/fsouza/go-dockerclient v1.9.2
 github.com/gogo/protobuf v1.3.2
diff --git a/deepfence_agent/tools/apache/scope/go.sum b/deepfence_agent/tools/apache/scope/go.sum
index 846e699f70..68eaf4aad0 100644
--- a/deepfence_agent/tools/apache/scope/go.sum
+++ b/deepfence_agent/tools/apache/scope/go.sum
@@ -320,6 +320,8 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206 h1:h3LVyxoMXj7LMPUFsBYprbQpxH79yaTGfu4OxNMm26E=
+github.com/deepfence/kubernetes-scanner v0.0.0-20230207100100-2b3e42980206/go.mod h1:Hv96hmVBYWdvWG2FC+vbeEPzqIRVRWxlcr6V20O7Q6s=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
diff --git a/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go b/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go
index b0291725d4..dff9c814c8 100644
--- a/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go
+++ b/deepfence_agent/tools/apache/scope/probe/kubernetes/controls.go
@@ -2,9 +2,30 @@ package kubernetes
 import (
 ctl "github.com/deepfence/golang_deepfence_sdk/utils/controls"
+ k8sscanner "github.com/deepfence/kubernetes-scanner/scanner/compliance"
+ k8sscannerutil "github.com/deepfence/kubernetes-scanner/util"
 )
 func StartComplianceScan(req ctl.StartComplianceScanRequest) error {
+ _, err := k8sscanner.NewComplianceScanner(
+ k8sscannerutil.Config{
+ ManagementConsoleUrl: "",
+ ManagementConsolePort: "",
+ DeepfenceKey: "",
+ ComplianceCheckType: "",
+ ComplianceBenchmark: "",
+ CloudProvider: "",
+ ScanId: "",
+ NodeId: "",
+ NodeName: "",
+ ComplianceResultsFilePath: "",
+ ComplianceStatusFilePath: "",
+ },
+ "",
+ k8sscannerutil.NsaCisaCheckType)
+ if err != nil {
+ return err
+ }
 return nil
 }
diff --git a/deepfence_worker/go.mod b/deepfence_worker/go.mod
index 12b2a8e7ba..c8b537ae18 100644
--- a/deepfence_worker/go.mod
+++ b/deepfence_worker/go.mod
@@ -6,6 +6,12 @@ replace github.com/deepfence/golang_deepfence_sdk/client => ../golang_deepfence_
 replace github.com/deepfence/golang_deepfence_sdk/utils => ../golang_deepfence_sdk/utils/
+replace github.com/deepfence/df-utils => ../deepfence_agent/tools/apache/deepfence/df-utils
+replace github.com/deepfence/df-utils/cloud_metadata => ../deepfence_agent/tools/apache/deepfence/df-utils/cloud_metadata
+replace github.com/weaveworks/tcptracer-bpf => ../deepfence_agent/tools/apache/deepfence/tcptracer-bpf
 replace github.com/deepfence/package-scanner => github.com/deepfence/package-scanner v1.2.4-0.20230127115739-84aacf6856fa
 replace github.com/deepfence/ThreatMapper/deepfence_server => ../deepfence_server/
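Review bot: StartComplianceScan in probe/kubernetes/controls.go returns nil without starting a scan: the scanner returned by `NewComplianceScanner` is discarded with `_`, `req` is never read, and every `Config` field (including `DeepfenceKey`, `ScanId` and `NodeId`) is an empty string literal. A caller that treats a nil error as "scan started" would record compliance coverage that never ran, which is a false-assurance risk for a security control. Until the request is wired through, the success path should say so, for example by replacing the final `return nil` with `return errors.New("kubernetes compliance scan not implemented")` (this needs the `errors` import), or at minimum by adding `// TODO: populate Config from req and run the scanner; currently a no-op` above the call. When the fields are filled in, `DeepfenceKey` should be read from the agent's runtime configuration rather than written as a literal in this file.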