add storeFilteredSbom option to kubevuln

Signed-off-by: Matthias Bertschy <[email protected]>

charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml

@@ -42,6 +42,7 @@ data:
       "scanTimeout": "{{ .Values.kubevuln.config.scanTimeout }}",
       "vexGeneration": {{ eq .Values.capabilities.vexGeneration "enable" }},
       "useDefaultMatchers": {{ .Values.kubevuln.config.useDefaultMatchers }},
+      "storeFilteredSboms": {{ .Values.kubevuln.config.storeFilteredSboms }},
       "continuousPostureScan": {{ $configurations.continuousScan }},
 {{- if not (empty .Values.kubevuln.config.grypeDbListingURL) }}
       "listingURL": "{{ .Values.kubevuln.config.grypeDbListingURL }}",

charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap

@@ -257,6 +257,7 @@ all capabilities:
           "scanTimeout": "5m",
           "vexGeneration": true,
           "useDefaultMatchers": true,
+          "storeFilteredSboms": false,
           "continuousPostureScan": false,
           "listingURL": "http://grype-offline-db:80/listing.json",
           "relevantImageVulnerabilitiesConfiguration": "enable"
@@ -1093,7 +1094,7 @@ all capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: c1f0dc8ff00eb07abf64badead35ad9c9865b493a9b983d017161664bfc7c458
+            checksum/cloud-config: d6f711c907ac404868d836f559972d6b753ab085a3cf4ed47a079db75cd206fa
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/host-scanner-configmap: d010d4abad98498e67bfb2cca532412520cc2f1001d388697fd03005e90ac352
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
@@ -1861,7 +1862,7 @@ all capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: c1f0dc8ff00eb07abf64badead35ad9c9865b493a9b983d017161664bfc7c458
+            checksum/cloud-config: d6f711c907ac404868d836f559972d6b753ab085a3cf4ed47a079db75cd206fa
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
           labels:
@@ -2376,7 +2377,7 @@ all capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: c1f0dc8ff00eb07abf64badead35ad9c9865b493a9b983d017161664bfc7c458
+            checksum/cloud-config: d6f711c907ac404868d836f559972d6b753ab085a3cf4ed47a079db75cd206fa
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/node-agent-config: a466fa221874bba84fb7d2397ad6f171549ae53c041c035c45da114214158585
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
@@ -3095,7 +3096,7 @@ all capabilities:
         metadata:
           annotations:
             checksum/capabilities-config: 6de047b9fb82f3d94b66b77a16b5af4902212c717141b483791c13f8cb3fc178
-            checksum/cloud-config: c1f0dc8ff00eb07abf64badead35ad9c9865b493a9b983d017161664bfc7c458
+            checksum/cloud-config: d6f711c907ac404868d836f559972d6b753ab085a3cf4ed47a079db75cd206fa
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/matching-rules-config: 4244067153661f0c2577cba49b0dba63db5f77acf9904663ca06610953f55e17
             checksum/operator-config: c5e8d0f30f026bfd6059b9ae0a4232211488f34a55d1257c386631e5e8d0935f
@@ -5427,7 +5428,7 @@ all capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: c1f0dc8ff00eb07abf64badead35ad9c9865b493a9b983d017161664bfc7c458
+            checksum/cloud-config: d6f711c907ac404868d836f559972d6b753ab085a3cf4ed47a079db75cd206fa
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
             checksum/synchronizer-configmap: ce6e6cd13005cb016ce932c4b8343330c199b0d85bfed657684cb413093e6493
@@ -5828,6 +5829,7 @@ default capabilities:
           "scanTimeout": "5m",
           "vexGeneration": false,
           "useDefaultMatchers": false,
+          "storeFilteredSboms": false,
           "continuousPostureScan": false,
           "listingURL": "http://grype-offline-db:80/listing.json",
           "relevantImageVulnerabilitiesConfiguration": "enable"
@@ -6500,7 +6502,7 @@ default capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 37311949e32a133a70f465c9091dc3addf733af749455321e03f5525703a5063
+            checksum/cloud-config: 678e2b8c5497a211b7bc4ac427a61762f142ef6ddb5480f24c6ffe552f874eee
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/host-scanner-configmap: 15ed52f1a24047c5e5aaffe889acc88d9930fe1778799ad98cbf82b440e314fe
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
@@ -7220,7 +7222,7 @@ default capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 37311949e32a133a70f465c9091dc3addf733af749455321e03f5525703a5063
+            checksum/cloud-config: 678e2b8c5497a211b7bc4ac427a61762f142ef6ddb5480f24c6ffe552f874eee
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
           labels:
@@ -7665,7 +7667,7 @@ default capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 37311949e32a133a70f465c9091dc3addf733af749455321e03f5525703a5063
+            checksum/cloud-config: 678e2b8c5497a211b7bc4ac427a61762f142ef6ddb5480f24c6ffe552f874eee
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/node-agent-config: b63c41145cab22dc8940dbaee9ed1c00273c9fd71c3a865274186244437de025
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
@@ -8232,7 +8234,7 @@ default capabilities:
         metadata:
           annotations:
             checksum/capabilities-config: a3884b3485c43ed1603dca5d383c5da264de1a0631add04eced7efa580b3850d
-            checksum/cloud-config: 37311949e32a133a70f465c9091dc3addf733af749455321e03f5525703a5063
+            checksum/cloud-config: 678e2b8c5497a211b7bc4ac427a61762f142ef6ddb5480f24c6ffe552f874eee
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/matching-rules-config: 4244067153661f0c2577cba49b0dba63db5f77acf9904663ca06610953f55e17
             checksum/operator-config: aa962c01a38229173991c14bea0bedd36ee3f095853d271664eac753f5155a70
@@ -10116,7 +10118,7 @@ default capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 37311949e32a133a70f465c9091dc3addf733af749455321e03f5525703a5063
+            checksum/cloud-config: 678e2b8c5497a211b7bc4ac427a61762f142ef6ddb5480f24c6ffe552f874eee
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/proxy-config: 3669c08e51ef779cd00a107f19592b34195c3ebdb60bedaf8ebf1491a3f2a747
             checksum/synchronizer-configmap: eee4d8c0c03abb7b2ec348a9ade592421e69c31d66052e5fcdc0e202271b34d3
@@ -10479,6 +10481,7 @@ disable otel:
           "scanTimeout": "5m",
           "vexGeneration": false,
           "useDefaultMatchers": false,
+          "storeFilteredSboms": false,
           "continuousPostureScan": false,
           "relevantImageVulnerabilitiesConfiguration": "enable"
         }
@@ -10971,7 +10974,7 @@ disable otel:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 4ae906fd9cea940360abb72cb088bd6f82d009b1748dbeab14a85eef05efd049
+            checksum/cloud-config: def218dd594c1e48747f476d985fab8a3abdca0a14402e4dee0675f6fc4b393f
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/host-scanner-configmap: 15ed52f1a24047c5e5aaffe889acc88d9930fe1778799ad98cbf82b440e314fe
           labels:
@@ -11518,7 +11521,7 @@ disable otel:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 4ae906fd9cea940360abb72cb088bd6f82d009b1748dbeab14a85eef05efd049
+            checksum/cloud-config: def218dd594c1e48747f476d985fab8a3abdca0a14402e4dee0675f6fc4b393f
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
           labels:
             app: kubevuln
@@ -11887,7 +11890,7 @@ disable otel:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 4ae906fd9cea940360abb72cb088bd6f82d009b1748dbeab14a85eef05efd049
+            checksum/cloud-config: def218dd594c1e48747f476d985fab8a3abdca0a14402e4dee0675f6fc4b393f
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/node-agent-config: b63c41145cab22dc8940dbaee9ed1c00273c9fd71c3a865274186244437de025
             container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
@@ -12314,7 +12317,7 @@ disable otel:
         metadata:
           annotations:
             checksum/capabilities-config: 198343087606bc5b88772499d7f7bd1dadd0ee8c8373ab1282e566e7dec9ac4c
-            checksum/cloud-config: 4ae906fd9cea940360abb72cb088bd6f82d009b1748dbeab14a85eef05efd049
+            checksum/cloud-config: def218dd594c1e48747f476d985fab8a3abdca0a14402e4dee0675f6fc4b393f
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/matching-rules-config: 4244067153661f0c2577cba49b0dba63db5f77acf9904663ca06610953f55e17
             checksum/operator-config: aa962c01a38229173991c14bea0bedd36ee3f095853d271664eac753f5155a70
@@ -14000,7 +14003,7 @@ disable otel:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 4ae906fd9cea940360abb72cb088bd6f82d009b1748dbeab14a85eef05efd049
+            checksum/cloud-config: def218dd594c1e48747f476d985fab8a3abdca0a14402e4dee0675f6fc4b393f
             checksum/cloud-secret: cf2e73d4ff0ce943730b3ed5bd4740f0bd8c4386e5843870f51c302b41df8da9
             checksum/synchronizer-configmap: eee4d8c0c03abb7b2ec348a9ade592421e69c31d66052e5fcdc0e202271b34d3
           labels:
@@ -14273,6 +14276,7 @@ minimal capabilities:
           "scanTimeout": "5m",
           "vexGeneration": false,
           "useDefaultMatchers": false,
+          "storeFilteredSboms": false,
           "continuousPostureScan": false,
           "relevantImageVulnerabilitiesConfiguration": "enable"
         }
@@ -14661,7 +14665,7 @@ minimal capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 78e0d35288b7978bc95dc0f93426b1f2677459278ad27ddd867f13661142717b
+            checksum/cloud-config: 9e8579a8978574318fbe7cbea9a471f1a26154673dfc8384fb7bab97fec56852
             checksum/cloud-secret: f1356b6dba8ba4a01197f4030346928c33c7dab7b123a2aecaffb0630352929c
             checksum/host-scanner-configmap: 15ed52f1a24047c5e5aaffe889acc88d9930fe1778799ad98cbf82b440e314fe
           labels:
@@ -15108,7 +15112,7 @@ minimal capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 78e0d35288b7978bc95dc0f93426b1f2677459278ad27ddd867f13661142717b
+            checksum/cloud-config: 9e8579a8978574318fbe7cbea9a471f1a26154673dfc8384fb7bab97fec56852
             checksum/cloud-secret: f1356b6dba8ba4a01197f4030346928c33c7dab7b123a2aecaffb0630352929c
           labels:
             app: kubevuln
@@ -15473,7 +15477,7 @@ minimal capabilities:
       template:
         metadata:
           annotations:
-            checksum/cloud-config: 78e0d35288b7978bc95dc0f93426b1f2677459278ad27ddd867f13661142717b
+            checksum/cloud-config: 9e8579a8978574318fbe7cbea9a471f1a26154673dfc8384fb7bab97fec56852
             checksum/cloud-secret: f1356b6dba8ba4a01197f4030346928c33c7dab7b123a2aecaffb0630352929c
             checksum/node-agent-config: b658595793549f32aed093f8d72f18be9ec60174d15fabc8429674c14a96b12a
             container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
@@ -15897,7 +15901,7 @@ minimal capabilities:
         metadata:
           annotations:
             checksum/capabilities-config: e875e47f1704778aa8415c5219fc93d71710d205eafd22a547da584126fdce49
-            checksum/cloud-config: 78e0d35288b7978bc95dc0f93426b1f2677459278ad27ddd867f13661142717b
+            checksum/cloud-config: 9e8579a8978574318fbe7cbea9a471f1a26154673dfc8384fb7bab97fec56852
             checksum/cloud-secret: f1356b6dba8ba4a01197f4030346928c33c7dab7b123a2aecaffb0630352929c
             checksum/matching-rules-config: 4244067153661f0c2577cba49b0dba63db5f77acf9904663ca06610953f55e17
             checksum/operator-config: b718f34adae5893e4846bb4cce1e40b300355a2e4b3b3fb996cb39e567319f6f

charts/kubescape-operator/values.yaml

@@ -361,6 +361,7 @@ kubevuln:
     scanTimeout: 5m # set timeout for scanning an image
     grypeDbListingURL: "" # set the URL for the grype db listing, if empty the default URL will be used
     useDefaultMatchers: false # set to true to use the default matchers
+    storeFilteredSboms: false
 
   env:
     - name: CA_MAX_VULN_SCAN_ROUTINES # TODO update the kubevuln