Use GitLab jobs to scan your YAML files for misconfigurations with Kubescape. Scan results are displayed in the jobs result log.
Add a custom YAML file to your repository that downloads and runs Kubescape, and then view the scan report in the result log.
- Create a YAML file in your repository named
- Add the following to the file:
- apk add curl gcompat
- curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | bash
- kubescape scan .
This prints the scan results to GitLab CI/CD’s Jobs page.
If you want to use Kubescape as a security gate in your delivery process, you can set up a failure threshold.
For example, if you want to make sure that at least 80% of your objects pass the security checks, add --compliance-threshold 80 to the scan step:
- kubescape scan --compliance-threshold 80 .
When you add a threshold, the job passes only when 80% or more of the security checks pass. If fewer than 80% pass, the job fails.
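A complete job definition that puts the steps above together, as an added example rather than code from the Kubescape or GitLab documentation. It assumes an Alpine-based image (the apk call above implies one) and that your kubescape version supports --format junit and --output for publishing the results as a GitLab test report.

```yaml
# Added example: a full GitLab CI job wrapping the steps described above.
# Assumptions: an Alpine image (needed for `apk`) and kubescape support for
# `--format junit --output <file>` (check your kubescape version).
stages:
  - security

kubescape-scan:
  stage: security
  image: alpine:3
  script:
    - apk add --no-cache curl gcompat
    - curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | bash
    # Security gate: the job fails when fewer than 80% of checks pass.
    # JUnit output lets GitLab list failed controls in the merge request.
    - kubescape scan . --compliance-threshold 80 --format junit --output kubescape-results.xml
  artifacts:
    when: always            # keep the report even when the gate fails
    reports:
      junit: kubescape-results.xml
```

With --output the results go to the artifact instead of the job log; drop --format and --output to keep the log display described above.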
If you want to scan your entire cluster after applying a new YAML, the CI/CD worker must be able to access the target Kubernetes cluster.
When you create the job to scan your cluster, replace the scan step in the YAML file with the following:
kubescape scan --exclude-namespaces kube-system,kube-public