[DOCS] open sourcing (#78)

CONTRIBUTING.md

@@ -0,0 +1,44 @@
+# Contributing
+
+Thanks for your interest in contributing! This is an open source project, so we appreciate community contributions.
+
+Pull requests for bug fixes are welcome, but before submitting new features or changes to current functionalities [open an issue](https://github.com/DataDog/KubeHound/issues/new)
+and discuss your ideas or propose the changes you wish to make. After a resolution is reached a PR can be submitted for review. PRs created before a decision has been reached may be closed.
+
+For commit messages, try to use the same conventions as most Go projects, for example:
+
+```
+pkg/kubehound/graph: add new projected volume type support
+
+Added a new volume type support (Amazon EBS) to the model
+```
+
+Please apply the same logic for Pull Requests and Issues: start with the package name, followed by a colon and a description of the change, just like
+the official [Go language](https://github.com/golang/go/pulls).
+
+All new code is expected to be covered by tests.
+
+## PR Checks
+
+We expect all PR checks to pass before we merge a PR
+
+Please feel free to comment on a PR if there is any difficulty or confusion about any of the checks.
+
+## What to expect
+
+We try to review new PRs within two weeks of them being opened. If more than three weeks have passed with no reply, please feel free to comment on the PR to bubble it up.
+
+If a PR sits open for more than a month awaiting work or replies by the author, the PR may be closed due to staleness. If you would like to work on it again in the future, feel free to open a new PR and someone will review.
+
+## Adding an Attack
+
+To add a new attack to KubeHound, please do the following:
+
++ Document the attack in the [edges documentation](./edges/) directory
++ Define the attack constraints in the graph database [schema builder](../deployments/kubehound/janusgraph/kubehound-db-init.groovy)
++ Create an implementation of the [edge.Builder](../pkg/kubehound/graph/edge/builder.go) interface that determines whether attacks are possible by quering the store database and writes any found as edges into the graph database
++ Create the [resources](../test/setup/test-cluster/attacks/) file in the test cluster that will introduce an instance of the attack into the test cluster 
++ Add an [edge system test](../test/system/graph_edge_test.go) that verifies the attack is correctly created by KubeHound
+
+  See [here](https://github.com/DataDog/KubeHound/pull/68/files) for a previous example PR.
+

LICENSE-3rdparty.csv

@@ -0,0 +1,112 @@
+github.com/DataDog/KubeHound,https://github.com/DataDog/KubeHound/blob/HEAD/LICENSE,Apache-2.0
+github.com/DataDog/datadog-agent/pkg/obfuscate,https://github.com/DataDog/datadog-agent/blob/pkg/obfuscate/v0.45.0-rc.1/pkg/obfuscate/LICENSE,Apache-2.0
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state,https://github.com/DataDog/datadog-agent/blob/pkg/remoteconfig/state/v0.45.0-rc.1/pkg/remoteconfig/state/LICENSE,Apache-2.0
+github.com/DataDog/datadog-go/v5/statsd,https://github.com/DataDog/datadog-go/blob/v5.1.1/LICENSE.txt,MIT
+github.com/DataDog/go-tuf,https://github.com/DataDog/go-tuf/blob/v0.3.0--fix-localmeta-fork/LICENSE,BSD-3-Clause
+github.com/DataDog/gostackparse,https://github.com/DataDog/gostackparse/blob/v0.5.0/LICENSE,Apache-2.0
+github.com/DataDog/sketches-go/ddsketch,https://github.com/DataDog/sketches-go/blob/v1.3.0/LICENSE,Apache-2.0
+github.com/alitto/pond,https://github.com/alitto/pond/blob/v1.8.3/LICENSE,MIT
+github.com/andres-erbsen/clock,https://github.com/andres-erbsen/clock/blob/9e14626cd129/LICENSE,MIT
+github.com/apache/tinkerpop/gremlin-go/v3/driver,https://github.com/apache/tinkerpop/blob/gremlin-go/v3.6.4/gremlin-go/driver/README.md,Apache-2.0
+github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT
+github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT
+github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/v1.1.1/LICENSE,ISC
+github.com/dustin/go-humanize,https://github.com/dustin/go-humanize/blob/v1.0.0/LICENSE,MIT
+github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.9.0/LICENSE,MIT
+github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.6.0/v5/LICENSE,BSD-3-Clause
+github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE,BSD-3-Clause
+github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.2.4/LICENSE,Apache-2.0
+github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.6/LICENSE,Apache-2.0
+github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.1/LICENSE,Apache-2.0
+github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.3/LICENSE,Apache-2.0
+github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause
+github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0
+github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause
+github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause
+github.com/google/gnostic,https://github.com/google/gnostic/blob/v0.5.7-v3refs/LICENSE,Apache-2.0
+github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.5.9/LICENSE,BSD-3-Clause
+github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0
+github.com/google/pprof/profile,https://github.com/google/pprof/blob/4bb14d4b1be1/LICENSE,Apache-2.0
+github.com/google/uuid,https://github.com/google/uuid/blob/v1.3.0/LICENSE,BSD-3-Clause
+github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.0/LICENSE,BSD-2-Clause
+github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0
+github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0
+github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.0/LICENSE,MPL-2.0
+github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.6/LICENSE,BSD-3-Clause
+github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT
+github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT
+github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.15.0/LICENSE,Apache-2.0
+github.com/klauspost/compress/internal/snapref,https://github.com/klauspost/compress/blob/v1.15.0/internal/snapref/LICENSE,BSD-3-Clause
+github.com/klauspost/compress/zstd/internal/xxhash,https://github.com/klauspost/compress/blob/v1.15.0/zstd/internal/xxhash/LICENSE.txt,MIT
+github.com/magiconair/properties,https://github.com/magiconair/properties/blob/v1.8.7/LICENSE.md,BSD-2-Clause
+github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT
+github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.4/LICENSE,Apache-2.0
+github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT
+github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0
+github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0
+github.com/montanaflynn/stats,https://github.com/montanaflynn/stats/blob/1bf9dbcd8cbe/LICENSE,MIT
+github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause
+github.com/nicksnyder/go-i18n/v2,https://github.com/nicksnyder/go-i18n/blob/v2.2.1/v2/LICENSE,MIT
+github.com/outcaste-io/ristretto,https://github.com/outcaste-io/ristretto/blob/v0.2.1/LICENSE,Apache-2.0
+github.com/outcaste-io/ristretto/z,https://github.com/outcaste-io/ristretto/blob/v0.2.1/z/LICENSE,MIT
+github.com/pelletier/go-toml/v2,https://github.com/pelletier/go-toml/blob/v2.0.6/LICENSE,MIT
+github.com/philhofer/fwd,https://github.com/philhofer/fwd/blob/v1.1.1/LICENSE.md,MIT
+github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause
+github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.15.1/LICENSE,Apache-2.0
+github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.4.0/LICENSE,Apache-2.0
+github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.42.0/LICENSE,Apache-2.0
+github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.42.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause
+github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.9.0/LICENSE,Apache-2.0
+github.com/richardartoul/molecule,https://github.com/richardartoul/molecule/blob/32cfee06a052/LICENSE,MIT
+github.com/richardartoul/molecule/src/codec,https://github.com/richardartoul/molecule/blob/32cfee06a052/src/codec/LICENSE,Apache-2.0
+github.com/richardartoul/molecule/src/protowire,https://github.com/richardartoul/molecule/blob/32cfee06a052/src/protowire/LICENSE,BSD-3-Clause
+github.com/secure-systems-lab/go-securesystemslib/cjson,https://github.com/secure-systems-lab/go-securesystemslib/blob/v0.5.0/LICENSE,MIT
+github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.0/LICENSE,MIT
+github.com/spaolacci/murmur3,https://github.com/spaolacci/murmur3/blob/v1.1.0/LICENSE,BSD-3-Clause
+github.com/spf13/afero,https://github.com/spf13/afero/blob/v1.9.3/LICENSE.txt,Apache-2.0
+github.com/spf13/cast,https://github.com/spf13/cast/blob/v1.5.0/LICENSE,MIT
+github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.6.1/LICENSE.txt,Apache-2.0
+github.com/spf13/jwalterweatherman,https://github.com/spf13/jwalterweatherman/blob/v1.1.0/LICENSE,MIT
+github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause
+github.com/spf13/viper,https://github.com/spf13/viper/blob/v1.15.0/LICENSE,MIT
+github.com/subosito/gotenv,https://github.com/subosito/gotenv/blob/v1.4.2/LICENSE,MIT
+github.com/tinylib/msgp/msgp,https://github.com/tinylib/msgp/blob/v1.1.6/LICENSE,MIT
+github.com/xdg-go/pbkdf2,https://github.com/xdg-go/pbkdf2/blob/v1.0.0/LICENSE,Apache-2.0
+github.com/xdg-go/scram,https://github.com/xdg-go/scram/blob/v1.1.1/LICENSE,Apache-2.0
+github.com/xdg-go/stringprep,https://github.com/xdg-go/stringprep/blob/v1.0.3/LICENSE,Apache-2.0
+github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1be2e3e5546d/LICENSE,MIT
+go.mongodb.org/mongo-driver,https://github.com/mongodb/mongo-go-driver/blob/v1.11.6/LICENSE,Apache-2.0
+go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.10.0/LICENSE.txt,MIT
+go.uber.org/ratelimit,https://github.com/uber-go/ratelimit/blob/v0.2.0/LICENSE,MIT
+golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.7.0:LICENSE,BSD-3-Clause
+golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.10.0:LICENSE,BSD-3-Clause
+golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.5.0:LICENSE,BSD-3-Clause
+golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.2.0:LICENSE,BSD-3-Clause
+golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.8.0:LICENSE,BSD-3-Clause
+golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.8.0:LICENSE,BSD-3-Clause
+golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.9.0:LICENSE,BSD-3-Clause
+golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause
+golang.org/x/xerrors,https://cs.opensource.google/go/x/xerrors/+/04be3eba:LICENSE,BSD-3-Clause
+gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.3.0/v2/LICENSE,Apache-2.0
+google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.30.0/LICENSE,BSD-3-Clause
+gopkg.in/DataDog/dd-trace-go.v1,https://github.com/DataDog/dd-trace-go/blob/v1.51.0/LICENSE,Apache-2.0
+gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause
+gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0
+gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
+gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
+k8s.io/api,https://github.com/kubernetes/api/blob/v0.27.2/LICENSE,Apache-2.0
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.27.2/LICENSE,Apache-2.0
+k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.27.2/LICENSE,Apache-2.0
+k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.27.2/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.27.2/LICENSE,Apache-2.0
+k8s.io/component-base/config,https://github.com/kubernetes/component-base/blob/v0.27.2/LICENSE,Apache-2.0
+k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.90.1/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/8b0f38b5fd1f/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/8b0f38b5fd1f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
+k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/8b0f38b5fd1f/pkg/validation/spec/LICENSE,Apache-2.0
+k8s.io/utils,https://github.com/kubernetes/utils/blob/a36077c30491/LICENSE,Apache-2.0
+k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/a36077c30491/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
+sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/LICENSE,Apache-2.0
+sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0
+sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
+sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT

Makefile

@@ -149,3 +149,9 @@ sample-graph: | local-cluster-deploy backend-up build ## Create the kind cluster
 .PHONY: help
 help: ## Show this help
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(HELP_MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: thirdparty-licenses
+thirdparty-licenses:
+	go get github.com/google/go-licenses
+	go install github.com/google/go-licenses
+	$(GOPATH)/bin/go-licenses csv github.com/DataDog/KubeHound/cmd/kubehound | sort > $(ROOT_DIR)/LICENSE-3rdparty.csv

NOTICE

@@ -0,0 +1,4 @@
+KubeHound
+Copyright 2023-Present Datadog, Inc.
+
+This product includes software developed at Datadog (<https://www.datadoghq.com/).>

README.md

@@ -8,7 +8,7 @@ A Kubernetes attack graph tool allowing automated calculation of attack paths be
 
 + For an overview of the application architecture see the [design canvas](./docs/application/Architecture.excalidraw)
 + To see the attacks covered see the [edge definitions](./docs/edges/)
-+ To contribute a new attack to the project follow the [attack guide](./docs/ATTACKS.md)
++ To contribute a new attack to the project follow the [contribution guidelines](./CONTRIBUTING.md)
 
 ## Requirements
 

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Contact the Datadog security team via [email](mailto:security@datadoghq.com)