Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: support formatted console output #1097

Open
chen-keinan opened this issue Apr 4, 2022 · 0 comments
Open

cli: support formatted console output #1097

chen-keinan opened this issue Apr 4, 2022 · 0 comments
Labels
🚀 enhancement New feature or request
Milestone
Release v0.16.0

Comments

@chen-keinan
Copy link
Contributor

chen-keinan commented Apr 4, 2022
edited
Loading

it is required to support console-formatted results when running starboard scan by command by default:

  • the console format should be the default output
  • the console format should be in a table structure

Example:

Vulnerability:

--------------+--------------------+----------------+--------------------------------------------------------+
|  Severity   |   Resource         |     CVE        |            Description                                 |
+-------------+--------------------+----------------+--------------------------------------------------------+
| Critial     | test/nginx         | cve-2019-20839 | libpcre in PCRE before 8.43 allows a subject buffer    | 
+-------------+--------------------+----------------+--------------------------------------------------------+
| High        | aka/alpine         | cve-2019-20838 | An issue was discovered in Mattermost Server before    |  
+-------------+--------------------+----------------+--------------------------------------------------------+
| Medium      | hstop/vari         | CVE-2020-11501 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography |
+-------------+--------------------+----------------+--------------------------------------------------------+
| Summary     | 
+-------------+-------------------------+
 Fail         |   3    | Pass   | 30    |
+---------------------------------------+

Config-Audit:

--------------+--------------------+----------------+------------------------------------------------------------+
|  Severity   |   Resource         |     Check ID   |            Description                                     |
+-------------+--------------------+----------------+------------------------------------------------------------+
| Critial     | test/nginx         |    KSV037      | User Pods should not be placed in kube-system namespace    | 
+-------------+--------------------+----------------+------------------------------------------------------------+
| High        | aka/alpine         |    KSV038      | Protecting Pod service account tokens                      |  
+-------------+--------------------+----------------+------------------------------------------------------------+
| Medium      | hstop/vari         |    KSV039      | Selector usage in network policies                         |
+-------------+--------------------+----------------+------------------------------------------------------------+
| Summary     | 
+-------------+-------------------------+
 Fail         |   3    | Pass   | 22    |
+---------------------------------------+



CIS-Benchmark:

-----------------------------------------------------------------------------------------------------------------------------------+
| Description                                                                                 | Node-1   |  Node-2     |  Node-3   |
+----------------------------------------------------------------------------------------------------------------------------------+
|1 Master Node Security Configuration                                                         | INFO     |    INFO     | INFO      |
|1.1 Master Node Configuration Files                                                          | INFO     |    INFO     | INFO      |
|1.1.9 Ensure that the Container Network Interface file permissions are set to 644            | WARN     |    WARN     | WARN      |
|1.1.10 Ensure that the Container Network Interface file ownership is set to root:root        | WARN     |    WARN     | WARN      |
|1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)         | FAIL     |    FAIL     | PASS      |
|1.2 API Server                                                                               | INFO     |    INFO     | INFO      |
|1.2.1 Ensure that the --anonymous-auth argument is set to false (Manual)                     | WARN     |    WARN     | WARN      |
|1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate         | FAIL     |    FAIL     | FAIL      |
|1.2.9 Ensure that the admission control plugin EventRateLimit is set (Manual)                | WARN     |    WARN     | WARN      |
|1.2.11 Ensure that the admission control plugin AlwaysPullImages is set (Manual)             | FAIL     |    FAIL     | PASS      | 
|1.2.12 Ensure that the admission control plugin SecurityContextDeny is set                   | PASS     |    FAIL     | FAIL      | 
|1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set (Automated)         | FAIL     |    PASS     | FAIL      | 
|1.2.20 Ensure that the --profiling argument is set to false (Automated)                      | FAIL     |    PASS     | PASS      | 
+-------------+--------------------+----------------+-----------------------------------------+----------+-------------+-----------+
| Summary     |     
+-------------+--------+------+-------+---------+------+
 Fail         |   12   | Warn | 12    |   Pass  |    5 |
+-------------+--------+------+-------+---------+------+
+--------------+------------+-----------+----------------+-----------------+-----------------------------------------------------------+
| NAMESPACE    | WORKLOAD   |    IMAGE  |  LIBRARY       |VULNERABILITY ID | SEVERITY | MORE INFO                                      |  
+--------------+------------+-----------+----------------+-----------------+-----------------------------------------------------------+
|  MY Namespace| test/nginx |   nginx   | apt:1.0.9.8.3  | CVE-2019-3462   | CRITIAL  | https://avd.aquasec.com/nvd/2019/cve-2019-3462 |
|              |            |           |                | CVE-2016-1252   | MEDIUM   | https://avd.aquasec.com/nvd/2019/cve-2016-1252 |
+--------------+------------+-----------+----------------+-----------------+----------+------------------------------------------------+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🚀 enhancement New feature or request
Projects
None yet
Milestone
Release v0.16.0
Development

No branches or pull requests
2 participants
@josedonizetti @chen-keinan