fix: k8s hide empty report when scanning resource (#2517)

Signed-off-by: Jose Donizetti <jdbjunior@gmail.com>
Jose Donizetti
2022-07-14 10:30:01 -03:00
committed by GitHub
parent 783cf6fe74
commit ae9ba340af
5 changed files with 34 additions and 22 deletions


@@ -22,5 +22,5 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
return xerrors.Errorf("get k8s artifacts error: %w", err)
}
return run(ctx, opts, cluster.GetCurrentContext(), artifacts)
return run(ctx, opts, cluster.GetCurrentContext(), artifacts, true)
}


@@ -24,7 +24,7 @@ func namespaceRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) e
return xerrors.Errorf("get k8s artifacts error: %w", err)
}
return run(ctx, opts, cluster.GetCurrentContext(), artifacts)
return run(ctx, opts, cluster.GetCurrentContext(), artifacts, true)
}
func getNamespace(opts flag.Options, currentNamespace string) string {


@@ -33,7 +33,7 @@ func resourceRun(ctx context.Context, args []string, opts flag.Options, cluster
return err
}
return run(ctx, opts, cluster.GetCurrentContext(), targets)
return run(ctx, opts, cluster.GetCurrentContext(), targets, false)
}
// pod/NAME or pod NAME etc
@@ -42,7 +42,7 @@ func resourceRun(ctx context.Context, args []string, opts flag.Options, cluster
return err
}
return run(ctx, opts, cluster.GetCurrentContext(), []*artifacts.Artifact{artifact})
return run(ctx, opts, cluster.GetCurrentContext(), []*artifacts.Artifact{artifact}, false)
}
func extractKindAndName(args []string) (string, string, error) {


@@ -41,7 +41,7 @@ func Run(ctx context.Context, args []string, opts flag.Options) error {
}
}
func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*artifacts.Artifact) error {
func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*artifacts.Artifact, showEmpty bool) error {
ctx, cancel := context.WithTimeout(ctx, opts.Timeout)
defer cancel()
@@ -76,7 +76,7 @@ func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*ar
Report: opts.ReportFormat,
Output: opts.Output,
Severities: opts.Severities,
}, opts.ScanOptions.SecurityChecks); err != nil {
}, opts.ScanOptions.SecurityChecks, showEmpty); err != nil {
return xerrors.Errorf("unable to write results: %w", err)
}
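Review bot: The new `showEmpty` parameter on `run` has no documentation, and every caller passes it as a bare literal (`true` in `clusterRun` and `namespaceRun`, `false` at both `resourceRun` call sites), so the call site does not say what is being switched. I would add a comment above the signature, `// showEmpty is passed through to the report writer and controls whether the table output is printed for a report with no findings.`, and label the argument where it is passed, for example `run(ctx, opts, cluster.GetCurrentContext(), targets, false /* showEmpty */)`. The body of `run` continues outside both hunks.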


@@ -83,6 +83,10 @@ func (r Report) Failed() bool {
return false
}
func (r Report) empty() bool {
return len(r.Misconfigurations) == 0 && len(r.Vulnerabilities) == 0
}
func (r Report) consolidate() ConsolidatedReport {
consolidated := ConsolidatedReport{
SchemaVersion: r.SchemaVersion,
@@ -124,13 +128,15 @@ type Writer interface {
}
// Write writes the results in the give format
func Write(report Report, option Option, securityChecks []string) error {
func Write(report Report, option Option, securityChecks []string, showEmpty bool) error {
switch option.Format {
case jsonFormat:
jwriter := JSONWriter{Output: option.Output, Report: option.Report}
return jwriter.Write(report)
case tableFormat:
workloadReport, rbacReport := separateMisConfigRoleAssessment(report, securityChecks)
if !workloadReport.empty() || showEmpty {
WorkloadWriter := &TableWriter{
Output: option.Output,
Report: option.Report,
@@ -141,6 +147,9 @@ func Write(report Report, option Option, securityChecks []string) error {
if err != nil {
return err
}
}
if !rbacReport.empty() || showEmpty {
rbacWriter := &TableWriter{
Output: option.Output,
Report: option.Report,
@@ -148,6 +157,9 @@ func Write(report Report, option Option, securityChecks []string) error {
ColumnHeading: ColumnHeading(securityChecks, RoleColumns()),
}
return rbacWriter.Write(rbacReport)
}
return nil
default:
return xerrors.Errorf(`unknown format %q. Use "json" or "table"`, option.Format)
}
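Review bot: With `showEmpty` false and both `workloadReport` and `rbacReport` empty, the table branch of `Write` returns nil without writing anything, so a clean single-resource scan is indistinguishable in the output from a run that matched or scanned nothing. For a security scanner I would keep the tables hidden but still emit a one-line summary in that case, or at least state the behaviour in the doc comment: `// Write writes the results in the given format. In table format a report with no vulnerabilities and no misconfigurations is skipped unless showEmpty is true; JSON output is always written.` `empty()` only compares the lengths of `Misconfigurations` and `Vulnerabilities`, so whether a resource that failed to scan, or one listed with zero findings, still counts as non-empty depends on how those slices are filled, which is not visible here and is worth pinning with a test. The end of `Write` appears to lie outside the last hunk.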