Visual studio extension brings the power 💪 of Kubescape directly into your
favorite text editor.
Yaml files can be scanned using a command.
You can access any of this extension commands by opening the Command Palette (Ctrl+Shift+P on Linux/Windows and Cmd+Shift+P on Mac), and then typing in the command name.
The default behavior also scans yaml files on save 💾.
Scanning results are marked and can be found in
vscode 'PROBLEMS' tab. There is also a hover info that can be viewed on marked positions.
This extension downloads the latest Kubescape version.
However, it is recommended to have Kubescape installed in your path.
Currently the following options can be configured:
By default, this extension uses it's own kubescape binary in order to provide
a stable experience as it can.
If, however, you desire to use a different or maybe a custom kubescape executable
you can use the option
Dir Path which a custom directory on your system.
As for now, kubescape scan can take a while, so it might be unwise to run scans
without a good reason (like a dirty file).
I chose to do a background scan only when a new file is saved on the disk.
To choose between available files to scan on save use the option
Scan On Save.
Default : scan on save for all supported files.
Frameworks are collections of controls.
There are some builtin controls that kubescape can use by default and can be
downloaded locally for an offline scan.
Kubescape extension for vscode is using this method to increase it's scanning
One can choose which frameworks are necessary by adding their names into the
Required Frameworks configuration. This list only ensure that the frameworks
in it will be downloaded - it's not marking them for scaning usage.
Default : Empty. Meaning all available framework will be downloaded.
The used frameworks are getting downloaded to kubescape directory by default.
One can simply copy / download to this directory any desired framework.
Alternatively, you can use
Custom Frameworks Dir configuration to choose a
different directory for frameworks.
Default: Not set. Use kubescape binary directory.
To specify which framework to use for scanning you can list them in the
Scan Frameworks configuration.
Those frameworks will be used at the moment of a scan. If not exists - they will
be downloaded automatically.
Default: Not set. Use frameworks from the framework directory.
By default, I use a version of kubescape which is teseted more against integration
with this extension.
If, however, one wishes to use the latest and greatest it can be configured via
Version Tier option by setting it to 'latest'
This extension is available officially at either:
See Change Log
Updated 6 months ago