KubeClarity first commit (openclarity#99)

Author: FrimIdan

.DS_Store

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!-- Please use this template while reporting a bug and provide as much info as possible.
+-->
+
+
+#### What happened:
+
+#### What you expected to happen:
+
+#### How to reproduce it (as minimally and precisely as possible):
+
+#### Are there any error messages in KubeClarity logs?
+(e.g. `kubectl logs -n kubeclarity --selector=app=kubeclarity`)
+
+#### Anything else we need to know?:
+
+#### Environment:
+- Kubernetes version (use `kubectl version --short`):
+- KubeClarity version (use `kubectl -n kubeclarity exec deploy/kubeclarity -- ./backend version`)
+- Cloud provider or hardware configuration:
+- Others:

.circleci/config.yml

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -10,3 +10,8 @@ updates:
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,152 @@
+name: CI
+on:
+  pull_request:
+
+env:
+  GO_VERSION: 1.17
+
+jobs:
+  verification:
+    name: Verification
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Check licenses
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: make license-check
+
+      - name: Run verification
+        run: make check
+
+  build:
+    needs: verification
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Cache Docker layers
+      uses: actions/cache@v2
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.ref }}
+        restore-keys: |
+          ${{ runner.os }}-buildx-
+
+    - name: Get current timestamp
+      id: timestamp
+      run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+    - name: Build KubeClarity
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ghcr.io/cisco-open/kubeclarity:${{ github.sha }}
+        file: Dockerfile.backend
+        push: false
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}
+
+    - name: Build CIS Docker Benchmark Scanner
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ghcr.io/cisco-open/kubeclarity-cis-docker-benchmark-scanner:${{ github.sha }}
+        file: Dockerfile.cis_docker_benchmark_scanner
+        push: false
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}          
+
+    - name: Build Runtime K8s Vulnerability Scanner
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ghcr.io/cisco-open/kubeclarity-runtime-k8s-scanner:${{ github.sha }}
+        file: Dockerfile.runtime_k8s_scanner
+        push: false
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}
+
+    - name: Build SBOM DB
+      uses: docker/build-push-action@v2
+      with:
+        context: sbom_db
+        tags: ghcr.io/cisco-open/kubeclarity-sbom-db:${{ github.sha }}
+        file: sbom_db/Dockerfile.sbom_db
+        push: false
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}
+
+    - name: Build CLI
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ghcr.io/cisco-open/kubeclarity-cli:${{ github.sha }}
+        file: Dockerfile.cli
+        push: false
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}
+
+  lint_chart:
+    name: Lint Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Replace version
+        id: replace_version
+        run: find . -type f -name "values.yaml" -o -name "Chart.yaml" |
+          xargs sed -i -e s/latest/v1.0.0-${{ github.sha }}/g
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Add Bitnami Repository
+        run: helm repo add bitnami https://charts.bitnami.com/bitnami
+
+#      - name: Run chart-testing (lint)
+#        run: ct lint --check-version-increment=false --validate-maintainers=false

.github/dependabot.yml

@@ -0,0 +1,105 @@
+name: Docker
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  docker:
+    name: Docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.ref }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Get current timestamp
+        id: timestamp
+        run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build KubeClarity
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          tags: ghcr.io/cisco-open/kubeclarity:latest
+          file: Dockerfile.backend
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VERSION=latest
+            BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+            COMMIT_HASH=${{ github.sha }}
+
+      - name: Build CIS Docker Benchmark Scanner
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          tags: ghcr.io/cisco-open/kubeclarity-cis-docker-benchmark-scanner:latest
+          file: Dockerfile.cis_docker_benchmark_scanner
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VERSION=latest
+            BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+            COMMIT_HASH=${{ github.sha }}          
+
+      - name: Build Runtime K8s Vulnerability Scanner
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          tags: ghcr.io/cisco-open/kubeclarity-runtime-k8s-scanner:latest
+          file: Dockerfile.runtime_k8s_scanner
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VERSION=latest
+            BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+            COMMIT_HASH=${{ github.sha }}
+
+      - name: Build SBOM DB
+        uses: docker/build-push-action@v2
+        with:
+          context: sbom_db
+          tags: ghcr.io/cisco-open/kubeclarity-sbom-db:latest
+          file: sbom_db/Dockerfile.sbom_db
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VERSION=latest
+            BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+            COMMIT_HASH=${{ github.sha }}
+
+      - name: Build CLI
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          tags: ghcr.io/cisco-open/kubeclarity-cli:latest
+          file: Dockerfile.cli
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VERSION=latest
+            BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+            COMMIT_HASH=${{ github.sha }}