kubescape cli didn't scan all controls although kubescape-operator is installed in cluster. #1466

Closed
paokrab opened this issue Nov 7, 2023 · 5 comments
Labels
bug Something isn't working

Comments

paokrab commented Nov 7, 2023

Description

I have installed the kubescape-operator helm chart and enabled the host scanner. When I run with the kubescape API, the host scanner pod starts to run and the report has no action required, but when I run with the kubescape CLI it gives this notice:

    This control requires the host-scanner capability. To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator

and some controls in the report need action required.

Environment

OS: RHEL8
Version: v3.0.0

Steps To Reproduce

kubescape scan framework cis-v1.23-t1.0.1 -v

Expected behavior

All controls must be tested.
Controls: 121 (Failed: 30, Passed: 91, Action Required: 0)

Actual Behavior

Some controls in the report show Action Required *
Controls: 121 (Failed: 33, Passed: 41, Action Required: 47)

@paokrab paokrab added the bug Something isn't working label Nov 7, 2023
@Daniel-GrunbergerCA
Collaborator

Hi @paokrab,
Thank you for reporting the issue. The host-scanner capability was removed from the CLI in this PR.
I admit the message about installing the operator is confusing, but what it means is that this capability is available only on the Kubescape Pod running inside the cluster.
We will fix the error message so that it is clearer.

@paokrab
Author

paokrab commented Nov 20, 2023

@Daniel-GrunbergerCA
Currently, when I call the API (https://github.com/kubescape/kubescape/tree/master/httphandler#default-scan) and look at the kubescape pod log, it doesn't complain about any action required, but the report is in JSON format, and when I specify the html format to make it human readable I get the following error.

   {"level":"error","ts":"2023-11-07T02:17:18Z","msg":"failed to render template","error":"template: htmlReport:123:35: executing \"htmlReport\" at <sortByNamespace .ResourceTableView>: error calling sortByNamespace: runtime error: invalid memory address or nil pointer dereference"}

@spyder-guy

I see the same thing. Controls that require visibility on the nodes are skipped, even with the kubescape operator installed. How does one run a scan such as one for the CIS framework, where the host-scanner daemonset will need to be deployed?

@dwertent
Contributor

Upon deploying the kubescape operator chart, you'll encounter a Deployment named kubescape. This Deployment functions as a microservice for the CLI, eliminating the necessity to independently run the CLI once the microservice is installed. It's important to note that the CLI doesn't integrate with the host-scanner DaemonSet.

Consequently, we strongly advise conducting cluster scans using the kubescape operator rather than relying on the CLI.
The results can be viewed via CRDs or a third-party portal (e.g. Armo).

I'm leaving this issue open so I will remember to update the log because I see it is not clear enough.

@dwertent
Contributor

dwertent commented Mar 1, 2024

Resolved in release v3.0.4

@dwertent dwertent closed this as completed Mar 1, 2024
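
Added example (not part of the issue thread and not Kubescape project code): a shell check over the two summary lines quoted in the issue description, which fails a pipeline step when controls are left as Action Required instead of gating only on the Failed count. The function names and the `max_skipped` threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: gate a pipeline on scan coverage, not only on failures.
# Summary lines copied from the issue description above.
EXPECTED_LINE='Controls: 121 (Failed: 30, Passed: 91, Action Required: 0)'
ACTUAL_LINE='Controls: 121 (Failed: 33, Passed: 41, Action Required: 47)'

# summary_field LINE NAME: print the integer that follows "NAME:" (hypothetical helper).
summary_field() {
    printf '%s\n' "$1" | sed -n "s/.*$2: *\([0-9][0-9]*\).*/\1/p"
}

# coverage_gate LINE [MAX_SKIPPED] (hypothetical helper)
# Returns 0 when at most MAX_SKIPPED controls are Action Required,
# 1 when more were left as Action Required, 2 when the line cannot be parsed.
coverage_gate() {
    line=$1
    max_skipped=${2:-0}
    total=$(summary_field "$line" "Controls")
    failed=$(summary_field "$line" "Failed")
    passed=$(summary_field "$line" "Passed")
    skipped=$(summary_field "$line" "Action Required")
    for v in "$total" "$failed" "$passed" "$skipped"; do
        [ -n "$v" ] || { echo "cannot parse summary: $line" >&2; return 2; }
    done
    # The three buckets must account for every control in the framework.
    if [ $((failed + passed + skipped)) -ne "$total" ]; then
        echo "summary buckets do not add up to $total" >&2
        return 2
    fi
    echo "evaluated $((failed + passed)) of $total controls; $skipped action required" >&2
    [ "$skipped" -le "$max_skipped" ]
}

# Demo on the two lines from the issue.
for l in "$EXPECTED_LINE" "$ACTUAL_LINE"; do
    if coverage_gate "$l"; then echo "PASS: $l"; else echo "INCOMPLETE: $l"; fi
done
```

On the CLI result from the issue, 47 of 121 controls are Action Required, so a gate that looks only at the Failed count (33 against 30) would miss most of the difference between the two runs.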