CircleCI
How to integrate Kubescape into CircleCI workflows
Scanning YAML files in your workflow
Basic setup
- Add .circleci/config.yml to your repository
- Add the following text to the contents of the config.yml to scan your Kubernetes objects
version: 2.1
jobs:
  scan-application-yaml:
    docker:
      - image: quay.io/kubescape/kubescape:latest
    steps:
      - checkout
      - run:
          name: "Scan YAML"
          command: kubescape scan . -f junit -o results.xml
      - store_artifacts:
          path: results.xml
          destination: TestResults
      - store_test_results:
          path: results.xml
workflows:
  application-delivery:
    jobs:
      - scan-application-yaml
This will scan your YAML files in the root directory of your Git repository.
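One way to turn the results.xml report written by the scan step into a pass/fail gate, as an added example that is not part of the Kubescape documentation or project code. It assumes Python is available in a later step; the script name gate.py, the max_failures parameter and the sample report are constructed for illustration, and only the standard JUnit testcase/failure/error elements are relied on.

```python
"""Gate a CI job on the JUnit report from `kubescape scan . -f junit -o results.xml`."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample report (not real Kubescape output); standard JUnit elements only.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="sample-framework" tests="3" failures="2">
    <testcase name="Sample control A" classname="sample"/>
    <testcase name="Sample control B" classname="sample">
      <failure message="deployment/web in namespace default" type="Control"/>
    </testcase>
    <testcase name="Sample control C" classname="sample">
      <failure message="pod/db in namespace default" type="Control"/>
    </testcase>
  </testsuite>
</testsuites>
"""


def failed_cases(xml_data):
    """Return (name, message) for every <testcase> with a <failure> or <error> child."""
    root = ET.fromstring(xml_data)  # accepts str or bytes
    found = []
    for case in root.iter("testcase"):
        for tag in ("failure", "error"):
            node = case.find(tag)
            if node is not None:
                found.append((case.get("name", "<unnamed>"), node.get("message", "")))
                break  # count each test case once
    return found


def gate(xml_data, max_failures=0):
    """Return a process exit code: 0 if the failure count is within max_failures, else 1."""
    failures = failed_cases(xml_data)
    for name, message in failures:
        print(f"FAILED: {name}: {message}")
    return 0 if len(failures) <= max_failures else 1


if __name__ == "__main__":
    # Hypothetical CI usage: python gate.py results.xml (falls back to the sample report)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_REPORT
    sys.exit(gate(data))
```

Run it as a step after store_test_results so the report is still uploaded when the gate fails the job.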
Scanning your entire Cluster in your workflow
In some cases, you may want to scan your entire cluster after you have applied the new YAML.
Note that in this case, you need the CI/CD worker to have access to the target K8s cluster.
Adding Cluster Scan
- Follow the instructions for scanning a YAML file (#Scanning-YAML-files-in-your-workflow)
- Replace the scan step with:
          command: kubescape scan --exclude-namespaces kube-system,kube-public -f junit -o results.xml