.circleci/config.yml to your repository
- Add the following text to the contents of the config.yml to scan your Kubernetes objects
    version: 2.1
    jobs:
      scan-application-yaml:
        docker:
          - image: quay.io/armosec/kubescape:latest
        steps:
          - checkout
          - run:
              name: "Scan YAML"
              command: kubescape scan framework nsa *.yaml -f junit -o results.xml
          - store_artifacts:
              path: results.xml
              destination: TestResults
          - store_test_results:
              path: results.xml
    workflows:
      application-delivery:
        jobs:
          - scan-application-yaml
This will scan your YAML files in the root directory of your Git repository.
In some cases you will want to scan your entire cluster after applying the new YAML.
Note that in this case the CI/CD worker needs access to the target K8s cluster.
Follow the instructions for scanning a YAML file (#Scanning-YAML-files-in-your-workflow), but replace the scan step with:
command: kubescape scan framework nsa --exclude-namespaces kube-system,kube-public -f junit -o results.xml
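The cluster-scan variant described above, written out as a full config. This is an added example, not part of the original page or the Kubescape project. The job name `scan-cluster`, the context `k8s-scan-readonly`, and the variable `KUBECONFIG_B64` are assumptions, as is the image providing a shell and `base64`.

```yaml
# Added example: cluster-scan variant of the YAML-scan config above.
version: 2.1
jobs:
  scan-cluster:                        # hypothetical job name
    docker:
      - image: quay.io/armosec/kubescape:latest
    steps:
      - run:
          name: "Write kubeconfig"
          # KUBECONFIG_B64 is an assumed variable: a base64-encoded kubeconfig
          # for a service account limited to read-only access, kept in a
          # CircleCI context rather than in the repository.
          # umask 077 keeps the file readable by the job user only.
          command: |
            umask 077
            mkdir -p "$HOME/.kube"
            echo "$KUBECONFIG_B64" | base64 -d > "$HOME/.kube/config"
      - run:
          name: "Scan cluster"
          command: kubescape scan framework nsa --exclude-namespaces kube-system,kube-public -f junit -o results.xml
      - store_artifacts:
          path: results.xml
          destination: TestResults
      - store_test_results:
          path: results.xml
workflows:
  application-delivery:
    jobs:
      - scan-cluster:
          context: k8s-scan-readonly   # hypothetical context holding KUBECONFIG_B64
```

Restricting the context to the branches or groups that deploy limits which pipelines can read the cluster credential.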
Updated 8 months ago