
K8sAttackMap

5 devlogs
69h 49m 27s

Visualize Kubernetes attack paths and neutralize risks. Maps cluster relationships against CIS Benchmarks & MITRE ATT&CK to identify and fix critical choke points.

This project uses AI

Used Gemini and Claude for project structuring and code completion

Demo Repository


Saptarshi Sarkar
  • Fixed README, SECURITY.md and CONTRIBUTING.md docs
  • Creating demo video
Saptarshi Sarkar
  • Improved the codebase to fix readability, cleanliness and maintainability issues
  • Improved the privilege escalation loop detector code
  • Included more analysis outputs in the pdf report generated

Known Issues:

  • PDF report generator gives an error although it successfully creates the PDF
  • Configured hop count is not injected into the HTML visualisation
Saptarshi Sarkar
  • Enhanced the project structure by properly modularising the code
  • Improved performance by removing duplicate computation code
  • Improved the UI/UX of the CLI by formatting the “All Discovered Paths” output and truncating the CVE ID list
  • Also added a CLI flag to control whether to show all paths
Saptarshi Sarkar
  • Changed the automatic source and target node classification heuristics from ID-, type- and name-based to configuration-based (e.g. RBAC) to give more confidence in finding potential nodes
  • Updated the attack path finding, blast radius and choke point identification to use the security configuration (posture) of each node processed
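As an added illustration of the configuration-based classification described in this devlog (example code, not K8sAttackMap's AttackSurfaceClassifier, and in Python rather than the project's Java), the snippet below walks a set of constructed kubectl-style objects: a ServiceAccount becomes a target when a RoleBinding or ClusterRoleBinding ties it to a rule the example treats as sensitive (wildcard grants, pod creation, secret reads, bind/escalate/impersonate; this list is an assumption, not the project's), a Pod becomes a source when a NodePort or LoadBalancer Service selects it (also an assumption), and every Pod gets a posture summary (hostNetwork, privileged, hostPath and similar) that a later path or blast-radius stage could consume.

```python
"""Configuration-based source/target classification over kubectl-style JSON.
Added example, not K8sAttackMap's AttackSurfaceClassifier; the sensitivity
rules and the exposure rule are assumptions, the objects are constructed."""
from collections import defaultdict

# Constructed objects in the shape of `kubectl get <kind> -o json` items.
OBJECTS = [
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "shop", "labels": {"app": "web"}},
     "spec": {"serviceAccountName": "web", "containers": [{"name": "nginx"}]}},
    {"kind": "Pod", "metadata": {"name": "agent", "namespace": "ops", "labels": {"app": "agent"}},
     "spec": {"serviceAccountName": "agent", "hostNetwork": True,
              "containers": [{"name": "agent", "securityContext": {"privileged": True}}],
              "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}},
    {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"type": "LoadBalancer", "selector": {"app": "web"}}},
    {"kind": "Service", "metadata": {"name": "agent", "namespace": "ops"},
     "spec": {"type": "ClusterIP", "selector": {"app": "agent"}}},
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "agent-secrets"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "agent", "namespace": "ops"}]},
    {"kind": "RoleBinding", "metadata": {"name": "web-pods", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "shop"}]},
]


def rule_sensitivity(rule):
    """Label one RBAC rule if it is a primitive this example (assumed list)
    treats as privilege escalation or credential access, else None."""
    verbs, res = set(rule.get("verbs", [])), set(rule.get("resources", []))
    if "*" in verbs and "*" in res:
        return "wildcard"
    if verbs & {"create", "*"} and res & {"pods", "*"}:
        return "pod-create"          # create a privileged pod -> node takeover
    if verbs & {"get", "list", "*"} and res & {"secrets", "*"}:
        return "read-secrets"        # harvest tokens and credentials
    if (verbs & {"bind", "escalate", "impersonate", "*"}
            and res & {"roles", "clusterroles", "users", "groups", "serviceaccounts", "*"}):
        return "rbac-escalation"
    return None


def pod_posture(pod):
    """Security-relevant settings on a Pod spec, used as per-node posture."""
    spec, flags = pod["spec"], set()
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            flags.add(key)
    for c in spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            flags.add("privileged")
    if any("hostPath" in v for v in spec.get("volumes", [])):
        flags.add("hostPath")
    return sorted(flags)


def classify(objects):
    """Return sources (exposed pods), targets (SAs with sensitive grants) and postures."""
    by_kind = defaultdict(list)
    for obj in objects:
        by_kind[obj["kind"]].append(obj)
    roles = {("ClusterRole", "", r["metadata"]["name"]): r for r in by_kind["ClusterRole"]}
    roles.update({("Role", r["metadata"]["namespace"], r["metadata"]["name"]): r
                  for r in by_kind["Role"]})

    targets = defaultdict(set)
    for b in by_kind["ClusterRoleBinding"] + by_kind["RoleBinding"]:
        ref = b["roleRef"]
        ns = "" if ref["kind"] == "ClusterRole" else b["metadata"]["namespace"]
        role = roles.get((ref["kind"], ns, ref["name"]))
        if role is None:
            continue                 # dangling roleRef grants nothing
        reasons = {s for s in map(rule_sensitivity, role.get("rules", [])) if s}
        for subj in b.get("subjects", []):
            if reasons and subj.get("kind") == "ServiceAccount":
                sa_ns = subj.get("namespace") or b["metadata"].get("namespace", "")
                targets[f"sa/{sa_ns}/{subj['name']}"] |= reasons

    sources, postures = {}, {}
    for pod in by_kind["Pod"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        labels = pod["metadata"].get("labels", {})
        postures[f"pod/{ns}/{name}"] = pod_posture(pod)
        for svc in by_kind["Service"]:       # externally reachable Services only
            sel = svc["spec"].get("selector", {})
            if (svc["metadata"]["namespace"] == ns
                    and svc["spec"].get("type") in ("NodePort", "LoadBalancer")
                    and sel and all(labels.get(k) == v for k, v in sel.items())):
                sources[f"pod/{ns}/{name}"] = f"{svc['spec']['type']} service {svc['metadata']['name']}"
    return {"sources": sources, "targets": {k: sorted(v) for k, v in targets.items()}, "postures": postures}


if __name__ == "__main__":
    import json
    print(json.dumps(classify(OBJECTS), indent=2))
```

Note that the RoleBinding to `pod-reader` produces no target even though it binds a ServiceAccount: only the rules, not the mere existence of a binding, decide. Dangling roleRefs are skipped for the same reason, since the API server grants nothing for a role that does not exist.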
Saptarshi Sarkar

🔑 Core Foundation

  • Maven project structure with organized packages (analysis, ingestion, model, security, export, cli, util)
  • Cluster ingestion via kubectl + JSON parsing (KubectlExtractor, K8sJsonParser)
  • Graph pipeline with ClusterGraphFactory, GraphNode, GraphEdge

πŸ›‘οΈ Attack Path Analysis

  • Path discovery with traversal + shortest path (AttackPathDiscovery, Dijkstra, AllDirectedPaths)
  • Structured I/O models (AnalysisInput, AnalysisResult, PathDiscoveryResult)
  • Auto source/target classification via AttackSurfaceClassifier

βš”οΈ Choke Point Detection

  • Identification logic (ChokePointIdentifier)
  • Ranking by severed paths (frequency + ID tie-break)
  • Default independent ranking; advanced sequential elimination planned

🌐 Blast Radius & Impact

  • Blast radius analysis (BlastRadiusAnalyzer)
  • Models: BlastRadiusResult, ImpactedAsset, ImpactSeverity
  • Severity scoring + remediation advisor (ImpactRemediationAdvisor)

πŸ› οΈ Remediation Planning

  • Choke-point remediation (ChokePointRemediationAdvisor, RemediationPlan)
  • Node ID parsing → targeted command templates
  • Audit-first, enforce-next strategy

🔄 Orchestration

  • Refactored AnalysisOrchestrator → unified coordinator
  • Runs discovery, choke points, blast radius, remediation → returns AnalysisResult

📊 Reporting & Output

  • Summary printer (AnalysisSummaryPrinter)
  • Export orchestration (ExportService) in progress
  • Existing exporters: CytoscapeExporter (HTML), PdfReportEngine (PDF)

📣 Logging & CLI

  • Reduced duplication between console + logger
  • Reporting abstraction (ProgressReporter, OutputReporter)
  • Refactoring ANSI color pollution in logs

⚠️ Known Gaps / Tech Debt

  • Console/logging/analysis concerns still mixed
  • ANSI color tokens pollute logs
  • Output flow (summary vs export) not fully unified
  • Duplicated helpers in Main, presenter, export logic
  • Verify JDK compatibility for List#getFirst()
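To make the analysis pipeline sketched in this devlog concrete (path discovery with all directed paths and a least-cost path, choke points ranked by severed paths with an ID tie-break, and blast radius), here is an added example over a constructed cluster graph. It is not K8sAttackMap's Java code: the node IDs, edge costs and the hop cap are assumptions, and the greedy `sequential_elimination` goes beyond the page by implementing the "advanced sequential elimination" the devlog lists as planned, so that the two rankings can be compared side by side.

```python
"""Attack-path discovery, choke-point ranking and blast radius on a toy
cluster graph.  Added example, not K8sAttackMap's Java implementation; the
graph, edge costs and the 'paths severed' metric are assumptions."""
import heapq
from collections import defaultdict

# Constructed graph: (attacker position -> what it reaches): cost, where a
# higher cost means a harder step.  Not derived from a real cluster.
EDGES = {
    ("pod/web", "sa/web"): 1,                       # pod mounts the SA token
    ("pod/web", "node/worker-1"): 3,                # writable hostPath -> node escape
    ("pod/batch", "sa/batch"): 1,
    ("sa/web", "secret/ci-kubeconfig"): 1,          # RBAC: get secrets in namespace
    ("sa/batch", "secret/ci-kubeconfig"): 1,
    ("sa/batch", "secret/cloud-creds"): 1,
    ("secret/ci-kubeconfig", "sa/ci-deployer"): 1,  # kubeconfig carries deployer token
    ("node/worker-1", "sa/ci-deployer"): 1,         # deployer pod token readable on node
    ("node/worker-1", "secret/cloud-creds"): 1,     # creds mounted in a pod on the node
    ("sa/ci-deployer", "clusterrole/cluster-admin"): 1,
}
SOURCES = {"pod/web", "pod/batch"}                  # entry points
TARGETS = {"clusterrole/cluster-admin", "secret/cloud-creds"}  # crown jewels


def adjacency(edges):
    adj = defaultdict(list)
    for (u, v), w in edges.items():
        adj[u].append((v, w))
    return adj


def all_directed_paths(adj, src, dst, max_hops):
    """Every simple path src -> dst with at most max_hops edges (DFS)."""
    found = []

    def dfs(node, path):
        if node == dst:
            found.append(list(path))
            return
        if len(path) - 1 >= max_hops:          # hop budget spent, prune
            return
        for nxt, _ in adj[node]:
            if nxt not in path:                # simple paths only
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(src, [src])
    return found


def discover(adj, sources, targets, max_hops=6):
    """All source -> target paths, the raw material for every later stage."""
    return [p for s in sorted(sources) for t in sorted(targets)
            for p in all_directed_paths(adj, s, t, max_hops)]


def dijkstra(adj, src, dst):
    """Least-cost path src -> dst as (cost, path); (inf, []) if unreachable."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")) or u == dst:
            continue
        for v, w in adj[u]:
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return float("inf"), []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def rank_choke_points(paths, sources, targets):
    """Independent ranking: intermediate nodes by paths severed (desc), ID (asc)."""
    counts = defaultdict(int)
    for p in paths:
        for n in p[1:-1]:
            if n not in sources and n not in targets:
                counts[n] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def sequential_elimination(paths, sources, targets):
    """Greedy variant: fix the top choke point, drop the paths it severs,
    re-rank what is left, repeat until no source -> target path remains."""
    plan, remaining = [], list(paths)
    while remaining:
        ranked = rank_choke_points(remaining, sources, targets)
        if not ranked:              # only direct source -> target edges left
            break
        node, severed = ranked[0]
        plan.append((node, severed))
        remaining = [p for p in remaining if node not in p]
    return plan


def blast_radius(adj, compromised):
    """Everything reachable once `compromised` is owned (transitive closure)."""
    seen, stack = set(), [compromised]
    while stack:
        for v, _ in adj[stack.pop()]:
            if v not in seen:
                seen.add(v)
                stack.append(v)
    return seen


if __name__ == "__main__":
    adj = adjacency(EDGES)
    paths = discover(adj, SOURCES, TARGETS)
    for p in paths:
        print(" -> ".join(p))
    print("independent:", rank_choke_points(paths, SOURCES, TARGETS))
    print("sequential: ", sequential_elimination(paths, SOURCES, TARGETS))
    print("cheapest:   ", dijkstra(adj, "pod/web", "clusterrole/cluster-admin"))
    print("blast radius of sa/batch:", sorted(blast_radius(adj, "sa/batch")))
```

Two things worth noticing on this graph. The independent ranking lists `secret/ci-kubeconfig` as a choke point with two severed paths, but the sequential plan never picks it, because once `sa/ci-deployer` is fixed the paths through that secret are already dead; that is exactly the difference between the two rankings. And the cheapest route from `pod/web` to `clusterrole/cluster-admin` is the four-hop path via `sa/web`, not the three-hop path via the node escape, because the hostPath edge was given a higher cost; a hop-count shortest path and a weighted one can disagree.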