Integrating with CircleCI workflows
How to integrate Kubescape to CircleCI workflows
Use CircleCI workflows to scan your Git repository for misconfigurations with Kubescape. Scan results are included in your workflow results.
Add scanning YAML files to your workflow
Add a job to download the latest Kubescape and run a scan with a CircleCI configuration file.
- Add
.circleci/config.yml
to your repository - Add the following text to the contents of the
config.yml
to scan YAML files in your Git repository’s root directory:
version: 2.1
jobs:
scan-application-yaml:
docker:
- image: quay.io/kubescape/kubescape:latest
steps:
- checkout
- run:
name: "Scan YAML"
command: kubescape scan . -f junit -o results.xml
- store_artifacts:
path: results.xml
destination: TestResults
- store_test_results:
path: results.xml
workflows:
application-delivery:
jobs:
- scan-application-yaml
This displays the results of your scan in your CircleCI workflow.
For more information about Kubescape commands, refer to the Kubescape documentation.
Scan your entire cluster in your workflow
If you want to scan your entire cluster after applying a new YAML, the CI/CD worker must be able to access the target Kubernetes cluster.
Add a cluster scan
When you create the job to scan your cluster, replace the scan step in the configuration with the following:
command: kubescape scan --exclude-namespaces kube-system,kube-public -f junit -o results.xml
Updated 5 months ago