aquasecurity / starboard

Moved to https://github.com/aquasecurity/trivy-operator

Home Page: https://aquasecurity.github.io/starboard/


cli: support formatted console output

chen-keinan opened this issue

It is required to support console-formatted results when running starboard scan by command, by default:

  • the console format should be the default output
  • the console format should be in a table structure

Example:

Vulnerability:

+-------------+--------------------+----------------+--------------------------------------------------------+
|  Severity   |   Resource         |     CVE        |            Description                                 |
+-------------+--------------------+----------------+--------------------------------------------------------+
| Critical    | test/nginx         | cve-2019-20839 | libpcre in PCRE before 8.43 allows a subject buffer    |
+-------------+--------------------+----------------+--------------------------------------------------------+
| High        | aka/alpine         | cve-2019-20838 | An issue was discovered in Mattermost Server before    |
+-------------+--------------------+----------------+--------------------------------------------------------+
| Medium      | hstop/vari         | CVE-2020-11501 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography |
+-------------+--------------------+----------------+--------------------------------------------------------+
| Summary     |
+-------------+-------------------------+
| Fail        |   3    | Pass   | 30    |
+---------------------------------------+

Config-Audit:

+-------------+--------------------+----------------+------------------------------------------------------------+
|  Severity   |   Resource         |     Check ID   |            Description                                     |
+-------------+--------------------+----------------+------------------------------------------------------------+
| Critical    | test/nginx         |    KSV037      | User Pods should not be placed in kube-system namespace    |
+-------------+--------------------+----------------+------------------------------------------------------------+
| High        | aka/alpine         |    KSV038      | Protecting Pod service account tokens                      |
+-------------+--------------------+----------------+------------------------------------------------------------+
| Medium      | hstop/vari         |    KSV039      | Selector usage in network policies                         |
+-------------+--------------------+----------------+------------------------------------------------------------+
| Summary     |
+-------------+-------------------------+
| Fail        |   3    | Pass   | 22    |
+---------------------------------------+



CIS-Benchmark:

+----------------------------------------------------------------------------------------------------------------------------------+
| Description                                                                                 | Node-1   |  Node-2     |  Node-3   |
+----------------------------------------------------------------------------------------------------------------------------------+
|1 Master Node Security Configuration                                                         | INFO     |    INFO     | INFO      |
|1.1 Master Node Configuration Files                                                          | INFO     |    INFO     | INFO      |
|1.1.9 Ensure that the Container Network Interface file permissions are set to 644            | WARN     |    WARN     | WARN      |
|1.1.10 Ensure that the Container Network Interface file ownership is set to root:root        | WARN     |    WARN     | WARN      |
|1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)         | FAIL     |    FAIL     | PASS      |
|1.2 API Server                                                                               | INFO     |    INFO     | INFO      |
|1.2.1 Ensure that the --anonymous-auth argument is set to false (Manual)                     | WARN     |    WARN     | WARN      |
|1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate         | FAIL     |    FAIL     | FAIL      |
|1.2.9 Ensure that the admission control plugin EventRateLimit is set (Manual)                | WARN     |    WARN     | WARN      |
|1.2.11 Ensure that the admission control plugin AlwaysPullImages is set (Manual)             | FAIL     |    FAIL     | PASS      | 
|1.2.12 Ensure that the admission control plugin SecurityContextDeny is set                   | PASS     |    FAIL     | FAIL      | 
|1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set (Automated)         | FAIL     |    PASS     | FAIL      | 
|1.2.20 Ensure that the --profiling argument is set to false (Automated)                      | FAIL     |    PASS     | PASS      | 
+-------------+--------------------+----------------+-----------------------------------------+----------+-------------+-----------+
| Summary     |     
+-------------+--------+------+-------+---------+------+
| Fail        |   12   | Warn | 12    |   Pass  |    5 |
+-------------+--------+------+-------+---------+------+

+--------------+------------+-----------+----------------+-----------------+----------+------------------------------------------------+
| NAMESPACE    | WORKLOAD   |    IMAGE  |  LIBRARY       |VULNERABILITY ID | SEVERITY | MORE INFO                                      |
+--------------+------------+-----------+----------------+-----------------+----------+------------------------------------------------+
|  MY Namespace| test/nginx |   nginx   | apt:1.0.9.8.3  | CVE-2019-3462   | CRITICAL | https://avd.aquasec.com/nvd/2019/cve-2019-3462 |
|              |            |           |                | CVE-2016-1252   | MEDIUM   | https://avd.aquasec.com/nvd/2019/cve-2016-1252 |
+--------------+------------+-----------+----------------+-----------------+----------+------------------------------------------------+