Create a YAML file in your repository at `.gitlab-ci.yml` with the following content:

```yaml
image: bash:latest

stages:
  - scan

scan:
  stage: scan
  script:
    - apk add curl gcompat
    - curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | bash
    - kubescape scan .
```
This prints the scan results to the pipeline's job log.
If you want to use Kubescape not only for logging but also as a security gate in your delivery process, you can set a failure threshold.
For example, to require that at least 80% of your objects pass the security checks, invoke the tool with the `-t` option and the desired percentage:

```
kubescape scan -t 80 .
```

The scan returns a non-zero (failure) exit code when the results fall below 80%, which fails the job and therefore the pipeline.
In some cases you will want to scan your entire cluster after applying the new YAML.
Note that in this case the CI/CD worker needs access to the target Kubernetes cluster.
Follow the instructions for scanning a YAML file (#Scanning-YAML-files-in-your-workflow) and replace the scan step with:

```
kubescape scan --exclude-namespaces kube-system,kube-public
```
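As an added example (not part of the Kubescape documentation), the pieces above combined into one pipeline: the manifest scan acts as the gate with `-t 80`, a deploy job runs only if the gate passes, and the live cluster is scanned afterwards with the system namespaces excluded. It assumes a file-type CI/CD variable named `KUBECONFIG` supplies the cluster credentials and that the deploy job body is a placeholder for your own rollout command.

```yaml
# Added example, not from the Kubescape docs.
# Assumptions: a file-type CI/CD variable KUBECONFIG holds the cluster
# credentials, and the deploy job's script is a placeholder.
image: bash:latest

stages:
  - scan
  - deploy
  - cluster-scan

# Shared install steps, reused via a YAML anchor.
.install-kubescape: &install-kubescape
  - apk add curl gcompat
  - curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | bash

# Gate: the job fails if fewer than 80% of objects pass the checks,
# so the deploy stage never runs on manifests below the threshold.
manifest-scan:
  stage: scan
  script:
    - *install-kubescape
    - kubescape scan -t 80 .

deploy:
  stage: deploy
  needs: [manifest-scan]
  script:
    - echo "apply your manifests here (placeholder)"

# Post-deploy scan of the running cluster; the runner reaches the cluster
# through the KUBECONFIG variable (assumption), and the system namespaces
# are excluded as in the step above.
cluster-scan:
  stage: cluster-scan
  needs: [deploy]
  script:
    - *install-kubescape
    - kubescape scan --exclude-namespaces kube-system,kube-public
```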