Azure DevOps pipeline

How to integrate Kubescape into Azure DevOps pipelines

Scanning YAML files in your workflow

Basic setup

  1. Create azure-pipelines.yml in the root of your repository
  2. Add the following contents to this file to scan the Kubernetes objects in your YAML files
trigger:
- master

pool:
  vmImage: 'ubuntu-18.04'

container: jmferrer/azure-devops-agent:latest

steps:
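- script: |
    # Create the install directory (with parents) and add it to PATH
    mkdir -p "$HOME/.local/bin"
    export PATH="$PATH:$HOME/.local/bin"
    # Download and run the Kubescape install script
    curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
    # Scan the YAML files in the working directory against the NSA framework
    kubescape scan framework nsa *.yaml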
  displayName: 'Run Kubescape'
  3. Run the pipeline
  4. You can see the results in the pipeline logs
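
The script step above pipes install.sh from the master branch straight into /bin/bash, so whatever that branch serves at build time runs on the agent. The following is an added example, not part of the Kubescape documentation: it downloads the script from a reviewed commit and executes it only if its SHA-256 matches a recorded digest. The commit and digest values are placeholders, and the function names verify_sha256 and install_pinned are hypothetical.

```shell
# Added example: pin and verify the Kubescape installer before running it.
# Assumptions: curl, sha256sum and mktemp exist on the agent; both values
# below are placeholders to fill in after reviewing install.sh yourself.
INSTALL_REF='<reviewed-commit-sha>'
INSTALL_SHA256='<sha256-of-reviewed-install.sh>'
INSTALL_URL="https://raw.githubusercontent.com/armosec/kubescape/${INSTALL_REF}/install.sh"

# verify_sha256 FILE EXPECTED_HEX
# Exit status: 0 match, 1 mismatch, 2 file missing, 3 malformed digest.
verify_sha256() (
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || exit 2
  # An unfilled placeholder or truncated digest must never pass.
  case $expected in *[!0-9a-f]*) exit 3 ;; esac
  [ "${#expected}" -eq 64 ] || exit 3
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
)

# install_pinned URL EXPECTED_HEX
# Downloads to a temp file over HTTPS only, verifies it, then executes it.
install_pinned() (
  tmp=$(mktemp) || exit 1
  rc=0
  if curl --fail --silent --show-error --location \
          --proto '=https' --proto-redir '=https' -o "$tmp" "$1" \
     && verify_sha256 "$tmp" "$2"; then
    /bin/bash "$tmp" || rc=$?
  else
    echo "install.sh download or digest check failed; not executing" >&2
    rc=1
  fi
  rm -f "$tmp"
  exit "$rc"
)

# In the pipeline script step, replacing the curl | bash line:
#   install_pinned "$INSTALL_URL" "$INSTALL_SHA256" || exit 1
```

The same pinning idea applies to the `container:` image tag, which can reference a digest instead of `latest`.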

Using test results

You can also have Azure DevOps parse the scan results. To do so, add a "Publish Test Results" task.

Here is the same configuration as above with the "Publish Test Results" task added.

trigger:
- master

pool:
  vmImage: 'ubuntu-18.04'

container: jmferrer/azure-devops-agent:latest

steps:
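- script: |
    # Create the install directory (with parents) and add it to PATH
    mkdir -p "$HOME/.local/bin"
    export PATH="$PATH:$HOME/.local/bin"
    # Download and run the Kubescape install script
    curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
    # Scan the YAML files and write the results as JUnit XML
    kubescape scan framework nsa --format junit --output results.xml *.yaml
  displayName: 'Run Kubescape'
# Publish the JUnit file so Azure DevOps shows the results as test results
- task: PublishTestResults@2
  inputs:
    testResultsFormat: 'JUnit'
    testResultsFiles: 'results.xml'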

Re-running the pipeline will enable Azure DevOps to parse the results.

