Integrating with CircleCI workflows

How to integrate Kubescape into CircleCI workflows

Use CircleCI workflows to scan your Git repository for misconfigurations with Kubescape. Scan results are included in your workflow results.

Add scanning YAML files to your workflow

Add a job to your CircleCI configuration file that pulls the latest Kubescape image and runs a scan.

  1. Add a .circleci/config.yml file to your repository
  2. Add the following to config.yml to scan the YAML files in your Git repository's root directory:

version: 2.1

jobs:
  scan-application-yaml:
    docker:
      - image: quay.io/kubescape/kubescape:latest
    steps:
      - checkout
      - run:
          name: "Scan YAML"
          command: kubescape scan . -f junit -o results.xml
      - store_artifacts:
          path: results.xml
          destination: TestResults
      - store_test_results:
          path: results.xml

workflows:
  application-delivery:
    jobs:
      - scan-application-yaml

Because the scan is written in JUnit format and stored with store_test_results, the results of your scan are displayed in the Tests tab of your CircleCI workflow.

For more information about Kubescape commands, refer to the Kubescape documentation.

Scan your entire cluster in your workflow

If you want to scan your entire cluster after applying a new YAML, the CI/CD worker must be able to reach the target Kubernetes cluster and authenticate to it (for example, through a kubeconfig supplied to the job as a secret).

Add a cluster scan

When you create the job to scan your cluster, replace the scan command in the configuration with the following:

command: kubescape scan --exclude-namespaces kube-system,kube-public -f junit -o results.xml
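The following is an added example of a complete cluster-scan job, not part of the original Kubescape or CircleCI documentation. It assumes a CircleCI context (called kubescape-cluster-access here, a placeholder name) that exports a base64-encoded kubeconfig in an environment variable named KUBECONFIG_DATA, that the image has a POSIX shell with base64 (which the run steps above already rely on), and that Kubescape picks up the cluster from the standard KUBECONFIG variable.

```yaml
version: 2.1

jobs:
  scan-cluster:
    docker:
      - image: quay.io/kubescape/kubescape:latest
    environment:
      # Assumed location for the decoded kubeconfig inside the job container
      KUBECONFIG: /tmp/kubeconfig
    steps:
      - run:
          name: "Write kubeconfig from context secret"
          # KUBECONFIG_DATA is an assumed variable holding a base64-encoded
          # kubeconfig; use credentials with read-only cluster access, and
          # chmod 600 so the file is not readable by other processes
          command: |
            echo "$KUBECONFIG_DATA" | base64 -d > "$KUBECONFIG"
            chmod 600 "$KUBECONFIG"
      - run:
          name: "Scan cluster"
          command: kubescape scan --exclude-namespaces kube-system,kube-public -f junit -o results.xml
      - store_artifacts:
          path: results.xml
          destination: TestResults
      - store_test_results:
          path: results.xml

workflows:
  application-delivery:
    jobs:
      - scan-cluster:
          # Placeholder context name; the context supplies KUBECONFIG_DATA
          context: kubescape-cluster-access
```

Keep the kubeconfig out of the repository itself and out of job logs; CircleCI contexts mask their values in output, while a file committed to the repository would not be masked.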