Azure DevOps pipeline

How to integrate Kubescape with Azure DevOps pipelines

Scanning YAML files in your YAML workflow

Basic setup - for YAML pipeline

  1. Create an azure-pipelines.yml file in the root of your repository
  2. Add the following contents to this file to scan the Kubernetes objects in your YAML files
trigger:
- master

pool:
  vmImage: 'ubuntu-18.04'

container: jmferrer/azure-devops-agent:latest

steps:
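- script: |
    # -p creates missing parent directories and succeeds if the path exists
    mkdir -p "$HOME/.local/bin"
    export PATH="$PATH:$HOME/.local/bin"
    curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
    # Scan the Kubernetes YAML files in the current directory
    kubescape scan .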
  displayName: 'Run Kubescape'
  3. Run the pipeline
  4. You can see the results in the pipeline logs (skip to "Using test results")

Basic setup - for classic pipeline

If you are not defining your pipelines in YAML files, you can still use the classic pipelines.

  1. Create a "kubescape-scan.sh" file in your code repository with the following contents (on the command line, point to the YAML files you are about to scan instead of *.yaml)
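#!/bin/bash
# -p creates missing parent directories and succeeds if the path exists
mkdir -p "$HOME/.local/bin"
export PATH="$PATH:$HOME/.local/bin"
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
# Scan the current directory and write the results as JUnit XML to results.xml
kubescape scan --format junit --output results.xml .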
  2. Add a bash script task
  3. Point to the "kubescape-scan.sh" we created in step 1
  4. Save and run the pipeline
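
The install line used in the YAML and classic setups above executes whatever install.sh contains on the master branch at build time. The following is an added example, not part of the Kubescape documentation, of a step that runs the installer only when its SHA-256 matches a digest you recorded after reviewing it. INSTALL_REF (a tag or commit) and INSTALL_SHA256 are placeholder pipeline variables, and the function names are illustrative.

```shell
#!/bin/bash
# Added example (not from the Kubescape docs): run install.sh only when its
# SHA-256 equals a digest recorded after the script was reviewed.

# fetch_installer REF DEST: download install.sh at a fixed tag or commit
# instead of the moving master branch. -f makes HTTP errors fail the step.
fetch_installer() {
  curl -fsSL "https://raw.githubusercontent.com/kubescape/kubescape/$1/install.sh" -o "$2"
}

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# run_if_pinned FILE EXPECTED: execute FILE with bash only on a digest match.
# Returns the script's exit code, 2 if FILE is missing, 3 on mismatch.
run_if_pinned() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "installer not found: $file" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: sha256 $actual != pinned $expected" >&2
    return 3
  fi
  /bin/bash "$file"
}

# Pipeline usage. INSTALL_REF and INSTALL_SHA256 are placeholders that you
# set as pipeline variables; the block does nothing until both are defined.
if [ -n "${INSTALL_REF:-}" ] && [ -n "${INSTALL_SHA256:-}" ]; then
  mkdir -p "$HOME/.local/bin"
  export PATH="$PATH:$HOME/.local/bin"
  fetch_installer "$INSTALL_REF" "$HOME/install.sh" &&
    run_if_pinned "$HOME/install.sh" "$INSTALL_SHA256" &&
    kubescape scan --format junit --output results.xml .
fi
```

Record the digest by running sha256sum on the install.sh you reviewed at the chosen ref, and update both variables together when you move to a newer ref.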

Using test results - for YAML pipeline

You can also have the pipeline parse your results. To do this, add a "Publish Test Results" task.

Here is the same configuration as above with the "Publish Test Results" task added.

trigger:
- master

pool:
  vmImage: 'ubuntu-18.04'

container: jmferrer/azure-devops-agent:latest

steps:
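- script: |
    # -p creates missing parent directories and succeeds if the path exists
    mkdir -p "$HOME/.local/bin"
    export PATH="$PATH:$HOME/.local/bin"
    curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
    # Write the results as JUnit XML so the next task can publish them
    kubescape scan --format junit --output results.xml .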
  displayName: 'Run Kubescape'
- task: PublishTestResults@2
  inputs:
    testResultsFormat: 'JUnit'
    testResultsFiles: 'results.xml'

Using test results - for classic pipeline

  1. Edit the pipeline
  2. Add a "Publish Test Results" task after the Kubescape scan task
  3. Point to results.xml created by the previous task
  4. Save the pipeline

Re-running the pipeline will enable Azure DevOps to parse the results.
