Scanning files with the Visual Studio Code extension
ARMO provides a Visual Studio Code extension for Kubescape that you can download through the Visual Studio Marketplace.
The extension installs Kubescape, adds Kubescape commands to the Command Palette, and allows you to configure your scanning options using the extension’s built-in GUI.
By default, files are scanned after they’re saved. Scan results are displayed in the Problems tab in Visual Studio Code. You can also hover over errors in the editor and view details.
Before you begin
While the extension installs Kubescape, we recommend adding Kubescape to your PATH variable. For example:
export PATH=$PATH:/Users/<USER>/.kubescape/bin
Download and install the extension
You can download the extension from the following:
Using the extension
Open the Command Palette and type a command, such as scan. You can type Kubescape to view available commands.
Customize your scans
The Kubescape extension allows you to configure common options using the GUI.
- In the Extensions menu, select Kubescape, and click on the gear icon.
- Click Extension Settings.
Kubescape: Dir Path
By default the extension downloads a Kubescape binary file to run.
If you want to use a different or custom Kubescape executable, you can use the Dir Path option to point to the other binary file.
Kubescape: Scan On Save
A Kubescape scan can take some time to complete, so you might want to change when Kubescape scans your files.
By default a scan runs after a file is saved. You can restrict this to YAML files only or disable automatic scanning entirely.
If you choose none, you must run a scan manually using the Command Palette.
Frameworks
Frameworks are collections of controls - preventative, detective, or corrective measures that can be taken to avoid, or contain, a security breach.
There are some built-in controls that Kubescape can use by default. The extension downloads the controls locally for offline scanning and to increase scanning speed.
For a list of frameworks you can use with Kubescape, see the Kubescape documentation.
Choosing required frameworks
You can choose which frameworks are necessary by adding their names into the Required Frameworks configuration. This list only ensures that the frameworks in it are available. This list does not determine which frameworks are used to scan your files.
Default: Empty. All available frameworks are downloaded.
View the list of frameworks currently supported by ARMO Platform on the Frameworks page.
Overriding the framework directory
By default, the frameworks are downloaded to the kubescape directory. You can copy or download any framework to this directory.
Alternatively, you can use the Custom Frameworks Dir configuration to choose a different directory.
Default: Not set. Uses the kubescape binary directory.
Specify frameworks for scanning
To specify which frameworks to use for scanning, enter them in the Scan Frameworks configuration.
If the frameworks aren’t downloaded to the frameworks directory, they are downloaded automatically.
Default: Not set. Uses frameworks from the framework directory.
Kubescape: Version Tier
By default, a stable version of Kubescape that has been tested with this extension is downloaded and installed.
If you want to use the latest version, you can set the Version Tier option to latest.