Kubescape enables third party authentication SSO using SAML or OIDC to its SaaS portal. This enables you to associate your account with all e-mails coming from an authorized domain name.
Please setup the required SAML or OpenID Connect application with your identity provider.
Then go to the Kubescape SaaS portal find user management:
Then go to SSO in the dialog screen
Click "Add New" and follow the instructions.
There are some controls that check the relation between the kubernetes manifest and vulnerabilities.
For these controls to work properly, scanning with the third-party authentication SSO is necessary.
kubescape scan --submit --account=<account ID> --client-id=<generated client id> --secret-key=<generated secret key>
For CICD, set environments variables as follows:
KS_ACCOUNT_ID // account id KS_CLIENT_ID // client id KS_SECRET_KEY // access key
When installing the helm chart (as described in the installation of kubescape helm chart in cluster, set the
helm upgrade --install armo armo/armo-cluster-components -n armo-system --create-namespace --set clusterName=`kubectl config current-context` --set accountGuid=<account ID> --set clientID=<generated client id> --set secretKey=<generated secret key>
Updated 15 days ago