Azure DevOps pipeline
How to integrate Kubescape into Azure DevOps pipelines
Scanning YAML files in your YAML workflow
Basic setup - for YAML pipeline
- Create an azure-pipelines.yml file in the root of your repository
- Add the following contents to this file to scan the Kubernetes objects in your YAML files

    trigger:
    - master

    pool:
      vmImage: 'ubuntu-18.04'

    container: jmferrer/azure-devops-agent:latest

    steps:
    - script: |
        # -p: create parent directories and do not fail if the directory exists
        mkdir -p "$HOME/.local/bin"
        export PATH=$PATH:$HOME/.local/bin
        curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
        kubescape scan .
      displayName: 'Run Kubescape'

- Run the pipeline
- You can see the results in the pipeline logs (skip to "Using results")
Basic setup - for classic pipeline
If you are not defining your pipelines in YAML files, you can still use the classic pipelines.
- Create a "kubescape-scan.sh" in your code repository with the following contents (pointing to the YAML files you are about to scan in the command line instead of *.yaml)

    #!/bin/bash
    # -p: create parent directories and do not fail if the directory exists
    mkdir -p "$HOME/.local/bin"
    export PATH=$PATH:$HOME/.local/bin
    curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
    # Write the scan results as a JUnit report to results.xml
    kubescape scan --format junit --output results.xml .

- Add a bash script task
- Point to the "kubescape-scan.sh" we created in step 1
- Save and run the pipeline
Using test results - for YAML pipeline
You can also have the pipeline parse your results. To do so, add a "Publish Test Results" task.
Here is the same configuration as above with the "Publish Test Results" task added.

    trigger:
    - master

    pool:
      vmImage: 'ubuntu-18.04'

    container: jmferrer/azure-devops-agent:latest

    steps:
    - script: |
        # -p: create parent directories and do not fail if the directory exists
        mkdir -p "$HOME/.local/bin"
        export PATH=$PATH:$HOME/.local/bin
        curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
        # Write the scan results as a JUnit report to results.xml
        kubescape scan --format junit --output results.xml .
      displayName: 'Run Kubescape'
    - task: PublishTestResults@2
      inputs:
        testResultsFormat: 'JUnit'
        testResultsFiles: 'results.xml'

Using test results - for classic pipeline
- Edit the pipeline
- Add a "Publish Test Results" task after the Kubescape scan task
- Point to results.xml created by the previous task
- Save the pipeline
Re-running the pipeline will enable Azure DevOps to parse the results
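
Publishing results.xml makes the findings visible, and a script step can also read the same file to decide whether the build should stop. The following is an added example, not part of the original page or of Kubescape itself; the function names, the embedded sample report and the assumption that the report carries a standard JUnit failures="N" attribute on each <testsuite> element are all illustrative.

```shell
#!/bin/bash
# Added example (not Kubescape's own code): gate a step on results.xml.
# Assumption: standard JUnit layout, failures="N" on each <testsuite>.

# Print the sum of failures="N" over all <testsuite> elements.
# Returns 2 if the report is unreadable, so a skipped scan cannot pass.
junit_failures() {
  local file="$1"
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  # One tag per line; '<testsuite ' excludes the <testsuites> root,
  # whose own total would otherwise be counted twice.
  tr '>' '\n' < "$file" \
    | grep -E '<testsuite[[:space:]]' \
    | sed -n 's/.*[[:space:]]failures="\([0-9][0-9]*\)".*/\1/p' \
    | awk '{ sum += $1 } END { print sum + 0 }'
}

# Return 0 if failures <= max (default 0), 1 if over, 2 if no report.
junit_gate() {
  local file="$1" max="${2:-0}" n
  n="$(junit_failures "$file")" || return 2
  echo "kubescape: $n failed checks (allowed: $max)"
  [ "$n" -le "$max" ]
}

# Constructed sample report, not real Kubescape output.
write_sample() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<testsuites tests="5" failures="3">
  <testsuite name="constructed-suite-a" tests="3" failures="2">
    <testcase name="constructed-check-1"><failure message="constructed"/></testcase>
    <testcase name="constructed-check-2"><failure message="constructed"/></testcase>
    <testcase name="constructed-check-3"/>
  </testsuite>
  <testsuite name="constructed-suite-b" tests="2" failures="1"/>
</testsuites>
EOF
}

# Demo on the sample. In a pipeline use: junit_gate results.xml 0 || exit 1
sample="$(mktemp)"
write_sample "$sample"
junit_gate "$sample" 0 \
  || echo "##vso[task.logissue type=error]Kubescape failures over threshold"
rm -f "$sample"
```

Place the gate in a step after the "Publish Test Results" task so the report is uploaded before the step fails the run.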