Integrating with Azure DevOps pipeline

Use Azure DevOps pipelines to scan your YAML files for misconfigurations with Kubescape. Scan results are included as part of your pipelines.

Add scanning YAML files to your workflow

Scan your repository using either the YAML pipeline or the classic pipeline.

YAML pipeline

1. In the root of your repository, create a file named azure-pipelines.yml.

2. Add the following to the file to scan the Kubernetes objects in your YAML files.

   YAML

   trigger:
   - master
   
   pool:
     vmImage: 'ubuntu-18.04'
   
   container: jmferrer/azure-devops-agent:latest
   
   steps:
   - script:  |
       mkdir $HOME/.local/bin
       export PATH=$PATH:$HOME/.local/bin
       curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
       kubescape scan .  
     displayName: 'Run Kubescape'
   

3. Run the pipeline, and view the results in the pipeline logs.

   

4. Add a Publish Test Results task to allow the pipeline to parse your results.

   YAML

   - task: PublishTestResults@2
    inputs:
      testResultsFormat: 'JUnit' 
      testResultsFiles: 'results.xml'
   

5. Run the pipeline again to enable Azure DevOps to parse the results.

Classic pipeline

1. Create a kubescape-scan.sh file in your code repository, and then add the following: (pointing to the YAML files you are about to scan in the command line instead of *.yaml )

   Shell

   #!/bin/bash
   mkdir $HOME/.local/bin
   export PATH=$PATH:$HOME/.local/bin
   curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
   kubescape scan --format junit --output results.xml .
   

2. Add a bash script task and point it to Kubescape-scan.sh.

3. Point to the kubescape-scan.sh file.

   

4. Add a Publish Test Results task after the Kubescape scan task.

   

5. Point to results.xml.

6. Save and run the pipeline.

After the pipelines run, Azure DevOPs parses the scan results.