Repository Analysis

kubescape/kubescape

0.9 — Likely human-written
Adjusted Score: 0.9
Raw Score: 0.9
Time Factor: 100%
Last Push
Stars
Language
Lines of Code: 107,899
Files: 565
Pattern Hits: 71
Scan Date: 2026-05-31

Score History

Severity Breakdown

CRITICAL 0 · HIGH 0 · MEDIUM 11 · LOW 60

Pattern Findings

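71 matches across 7 categories. The categories listed below are code-style patterns (comments, separators, identifiers, exception wrapping), so the severity labels describe pattern hits, not security vulnerabilities.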

Over-Commented Block — 42 hits · 42 pts
Severity  File:Line  Snippet
LOW  core/core/download_test.go:161  // func TestDownloadConfigInputs(t *testing.T) {
LOW  core/core/download_test.go:181  // assert.NotNil(t, err)
LOW  core/core/download_test.go:201  // }
LOW  core/core/download_test.go:221  // Identifier: "id",
LOW  core/core/download_test.go:241  // for _, tt := range tests {
LOW  core/core/download_test.go:261  // downloadInfo: &metav1.DownloadInfo{
LOW  core/core/download_test.go:281  // },
LOW  core/core/download_test.go:301  // isErrNil bool
LOW  core/core/download_test.go:321  // Path: filepath.Join("path", "to"),
LOW  core/core/patch.go:361  // lookPath is exec.LookPath, indirected so the docker-CLI preflight in
LOW  core/core/patch_integration_test.go:1  //go:build integration_patch
LOW  core/cautils/scancoverage.go:41  type NotEvaluatedControl struct {
LOW  …/testdata/kustomize/helm/charts/test-chart/values.yaml:1  # Empty default values for test-chart fixture used by TestKustomizeDirectoryWithHelmCharts.
LOW  core/cautils/getter/doc.go:1  // Package getter provides functionality to retrieve policy objects.
LOW  core/cautils/helmprovenance/helmprovenance.go:1  // Package helmprovenance recovers a best-effort link from a rendered Helm
LOW  core/cautils/helmprovenance/helmprovenance.go:21  "strings"
LOW  core/cautils/helmprovenance/helmprovenance.go:41  // TemplateLine is the 1-based line of the first apiVersion: occurrence
LOW  core/cautils/helmprovenance/helmprovenance.go:81  // .Values.foo.bar — captures the trailing ".foo.bar" segment.
LOW  core/pkg/containerscan/gojayunmarshaller.go:201  return 0
LOW  core/pkg/containerscan/datastructures.go:21  var KnownSeverities = map[string]bool{
LOW  core/pkg/containerscan/datastructures.go:41  // fmt.Println(result) // Output: 1
LOW  core/pkg/policyhandler/cache_bug_test.go:261  //
LOW  core/pkg/securityexception/expires_at_cel_test.go:1  package securityexception
LOW  httphandler/docs/docs.go:1  // Package classification Kubescape Microservice
LOW  httphandler/handlerequests/v1/requestparser.go:21  // Do not delete results after returning (relevant only for synchronous requests)
LOW  httphandler/handlerequests/v1/requestshandler_test.go:61  // Status API
LOW  httphandler/handlerequests/v1/results_handler_test.go:21  // completely uncovered. Those branches govern:
LOW  examples/helm_chart/Chart.yaml:21  # to the chart and its templates, including the app version.
LOW  examples/helm_chart/values.yaml:1  # Default values for kubescape.
LOW  examples/online-boutique/emailservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/checkoutservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/recommendationservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/frontend.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/paymentservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/productcatalogservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/cartservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/loadgenerator.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/currencyservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/shippingservice.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/redis.yaml:1  # Copyright 2018 Google LLC
LOW  examples/online-boutique/adservice.yaml:1  # Copyright 2018 Google LLC
LOW  .github/workflows/scorecard.yml:41  with:
Decorative Section Separators — 6 hits · 27 pts
Severity  File:Line  Snippet
MEDIUM  examples/helm_chart/values.yaml:6  # ┌────────────── timezone (optional)
MEDIUM  examples/helm_chart/values.yaml:7  # | ┌───────────── minute (0 - 59)
MEDIUM  examples/helm_chart/values.yaml:8  # | │ ┌───────────── hour (0 - 23)
MEDIUM  examples/helm_chart/values.yaml:9  # | │ │ ┌───────────── day of the month (1 - 31)
MEDIUM  examples/helm_chart/values.yaml:10  # | │ │ │ ┌───────────── month (1 - 12)
MEDIUM  examples/helm_chart/values.yaml:11  # | │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
Redundant / Tautological Comments — 16 hits · 16 pts
Severity  File:Line  Snippet
LOW  core/cautils/getter/testdata/NSA.json:617  "rule": "package armo_builtins\n\n\n# Check if container has limits\ndeny[msga] {\n \tpods := [pod | pod = in
LOW  core/cautils/getter/testdata/NSA.json:1687  "rule": "package armo_builtins\n\ndeny[msga] {\n\tdeployment := input[_]\n\tdeployment.kind == \"Deployment\"\
LOW  core/cautils/getter/testdata/NSA.json:1747  "rule": "package armo_builtins\nimport data.cautils as cautils\n\n# Check if audit logs is enabled for GKE\nde
LOW  core/cautils/getter/testdata/NSA.json:1790  "rule": "package armo_builtins\nimport data.cautils as cautils\n\n# Check if audit logs is enabled for native
LOW  core/cautils/getter/testdata/NSA.json:1850  "rule": "package armo_builtins\n\n\n# Check if encryption in etcd in enabled for EKS\ndeny[msga] {\n\tcluster_
LOW  core/cautils/getter/testdata/NSA.json:1893  "rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled f
LOW  core/cautils/getter/testdata/NSA.json:1955  "rule": "package armo_builtins\n\n\n# Check if PSP is enabled for GKE\ndeny[msga] {\n\tcluster_config := input
LOW  core/cautils/getter/testdata/NSA.json:1998  "rule": "package armo_builtins\n\n\n# Check if psp is enabled for native k8s\ndeny[msga] {\n\tapiserverpod :=
LOW  core/cautils/getter/testdata/MITRE.json:2251  "rule": "package armo_builtins\n\ndeny[msga] {\n\tdeployment := input[_]\n\tdeployment.kind == \"Deployment\"\
LOW  core/cautils/getter/testdata/MITRE.json:2311  "rule": "package armo_builtins\nimport data.cautils as cautils\n\n# Check if audit logs is enabled for GKE\nde
LOW  core/cautils/getter/testdata/MITRE.json:2354  "rule": "package armo_builtins\nimport data.cautils as cautils\n\n# Check if audit logs is enabled for native
LOW  core/cautils/getter/testdata/MITRE.json:2414  "rule": "package armo_builtins\n\n\n# Check if encryption in etcd in enabled for EKS\ndeny[msga] {\n\tcluster_
LOW  core/cautils/getter/testdata/MITRE.json:2457  "rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled f
LOW  core/cautils/getter/testdata/MITRE.json:2517  "rule": "package armo_builtins\n\n\n# Check if PSP is enabled for GKE\ndeny[msga] {\n\tcluster_config := input
LOW  core/cautils/getter/testdata/MITRE.json:2560  "rule": "package armo_builtins\n\n\n# Check if psp is enabled for native k8s\ndeny[msga] {\n\tapiserverpod :=
LOW  smoke_testing/test_version.py:24  # Check if RELEASE (with or without 'v' prefix) is in the output
Self-Referential Comments — 3 hits · 9 pts
Severity  File:Line  Snippet
MEDIUM  cmd/vap/vap.go:31  # Create a policy binding by Kubescape control ID
MEDIUM  cmd/vap/vap.go:33  # Create a policy binding by ValidatingAdmissionPolicy name
MEDIUM  examples/cloud-vendor-integration/aws.sh:35  # Create a kubescape policy
AI Slop Vocabulary — 1 hit · 3 pts
Severity  File:Line  Snippet
MEDIUM  core/pkg/hostsensorutils/utils_test.go:20  // Essentially, unless we hit some extreme edge case, we never get an error to be added to the map.
Excessive Try-Catch Wrapping — 2 hits · 3 pts
Severity  File:Line  Snippet
LOW  smoke_testing/smoke_utils.py:17  except Exception as e:
MEDIUM  smoke_testing/smoke_utils.py:7  def run_command(command, stdin=subprocess.PIPE, stderr=subprocess.STDOUT):
Hyper-Verbose Identifiers — 1 hit · 1 pts
Severity  File:Line  Snippet
LOW  smoke_testing/test_scan.py:52  def scan_all_format_pretty_printer(kubescape_exec: str):