feat: add support for k8s non-intrusive flag

Signed-off-by: chenk <[email protected]>

docs/docs/references/configuration/cli/trivy_kubernetes.md

@@ -66,6 +66,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
       --no-progress                       suppress progress bar
       --node-collector-imageref string    indicate the image reference for the node-collector scan job (default "ghcr.io/aquasecurity/node-collector:0.0.9")
       --node-collector-namespace string   specify the namespace in which the node-collector job should be deployed (default "trivy-temp")
+      --non-intrusive                     When the flag is activated, the node-collector job will not be executed, thus skipping misconfiguration findings on the node.
       --offline-scan                      do not issue API requests to identify dependencies
   -o, --output string                     output file name
       --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments

pkg/flag/kubernetes_flags.go

@@ -58,10 +58,10 @@ var (
 		Shorthand:  "A",
 		Usage:      "fetch resources from all cluster namespaces",
 	}
-	Intrusive = Flag[bool]{
-		Name:       "intrusive",
-		ConfigName: "kubernetes.intrusive",
-		Usage:      "When the flag is activated, the node-collector job will be executed, revealing misconfiguration findings detected within the Node.",
+	NonIntrusive = Flag[bool]{
+		Name:       "non-intrusive",
+		ConfigName: "kubernetes.non.intrusive",
+		Usage:      "When the flag is activated, the node-collector job will not be executed, thus skipping misconfiguration findings on the node.",
 	}
 	NodeCollectorNamespace = Flag[string]{
 		Name:       "node-collector-namespace",
@@ -106,7 +106,7 @@ type K8sFlagGroup struct {
 	Components             *Flag[[]string]
 	K8sVersion             *Flag[string]
 	Tolerations            *Flag[[]string]
-	Intrusive              *Flag[bool]
+	NonIntrusive           *Flag[bool]
 	NodeCollectorImageRef  *Flag[string]
 	AllNamespaces          *Flag[bool]
 	NodeCollectorNamespace *Flag[string]
@@ -127,7 +127,7 @@ type K8sOptions struct {
 	AllNamespaces          bool
 	NodeCollectorNamespace string
 	ExcludeOwned           bool
-	Intrusive              bool
+	NonIntrusive           bool
 	ExcludeNodes           map[string]string
 	QPS                    float32
 	Burst                  int
@@ -141,7 +141,7 @@ func NewK8sFlagGroup() *K8sFlagGroup {
 		Components:             ComponentsFlag.Clone(),
 		K8sVersion:             K8sVersionFlag.Clone(),
 		Tolerations:            TolerationsFlag.Clone(),
-		Intrusive:              Intrusive.Clone(),
+		NonIntrusive:           NonIntrusive.Clone(),
 		AllNamespaces:          AllNamespaces.Clone(),
 		NodeCollectorNamespace: NodeCollectorNamespace.Clone(),
 		ExcludeOwned:           ExcludeOwned.Clone(),
@@ -163,6 +163,7 @@ func (f *K8sFlagGroup) Flags() []Flagger {
 		f.KubeConfig,
 		f.Components,
 		f.K8sVersion,
+		f.NonIntrusive,
 		f.Tolerations,
 		f.AllNamespaces,
 		f.NodeCollectorNamespace,
@@ -201,7 +202,7 @@ func (f *K8sFlagGroup) ToOptions() (K8sOptions, error) {
 		Components:             f.Components.Value(),
 		K8sVersion:             f.K8sVersion.Value(),
 		Tolerations:            tolerations,
-		Intrusive:              f.Intrusive.Value(),
+		NonIntrusive:           f.NonIntrusive.Value(),
 		AllNamespaces:          f.AllNamespaces.Value(),
 		NodeCollectorNamespace: f.NodeCollectorNamespace.Value(),
 		ExcludeOwned:           f.ExcludeOwned.Value(),

pkg/k8s/commands/cluster.go

@@ -27,7 +27,7 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
 			return xerrors.Errorf("get k8s artifacts with node info error: %w", err)
 		}
 	case types.FormatJSON, types.FormatTable:
-		if opts.Scanners.AnyEnabled(types.MisconfigScanner) && opts.Intrusive {
+		if opts.Scanners.AnyEnabled(types.MisconfigScanner) && !opts.NonIntrusive {
 			artifacts, err = trivyk8s.New(cluster, log.Logger, trivyk8s.WithExcludeOwned(opts.ExcludeOwned)).ListArtifactAndNodeInfo(ctx,
 				trivyk8s.WithScanJobNamespace(opts.NodeCollectorNamespace),
 				trivyk8s.WithIgnoreLabels(opts.ExcludeNodes),