CircleCI

How to integrate Kubescape into CircleCI workflows

Scanning YAML files in your workflow

Basic setup

  1. Add .circleci/config.yml to your repository.
  2. Add the following to config.yml to scan your Kubernetes objects:
version: 2.1

jobs:
  scan-application-yaml:
    docker:
      - image: quay.io/armosec/kubescape:latest
    steps:
      - checkout
      - run:
          name: "Scan YAML"
          command: kubescape scan framework nsa *.yaml -f junit -o results.xml
      - store_artifacts:
          path: results.xml
          destination: TestResults
      - store_test_results:
          path: results.xml
      
workflows:
  application-delivery:
    jobs:
      - scan-application-yaml

This scans the YAML files in the root directory of your Git repository.

Scanning your entire Cluster in your workflow

In some cases you will want to scan your entire cluster after applying the new YAML.
Note that in this case the CI/CD worker needs access to the target K8s cluster.

Adding Cluster Scan

Follow the instructions in "Scanning YAML files in your workflow" above, then replace the command in the scan step with:

command: kubescape scan framework nsa --exclude-namespaces kube-system,kube-public -f junit -o results.xml
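
Both scan commands above write JUnit XML to results.xml. The following added example (not part of the Kubescape documentation) lists the failed test cases in such a file and returns a non-zero exit code when there are more than an allowed number. It assumes the common JUnit layout (testsuite / testcase / failure); the script name junit_gate.py, the sample data and the max_failed parameter are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the common JUnit layout (assumption); a real
# results.xml may use different suite/case names and extra attributes.
SAMPLE_JUNIT = """<testsuites>
  <testsuite name="constructed-framework" tests="3" failures="2">
    <testcase classname="constructed" name="Control A"/>
    <testcase classname="constructed" name="Control B">
      <failure message="deployment.yaml: constructed finding"/>
    </testcase>
    <testcase classname="constructed" name="Control C">
      <error message="constructed error"/>
    </testcase>
  </testsuite>
</testsuites>
"""

def failed_cases(junit_xml):
    """Return (name, message) for every testcase holding a <failure> or <error>."""
    root = ET.fromstring(junit_xml)
    failed = []
    # iter() walks the whole tree, so a <testsuites> root and a bare
    # <testsuite> root are both handled.
    for case in root.iter("testcase"):
        problem = case.find("failure")
        if problem is None:
            problem = case.find("error")
        if problem is not None:
            message = problem.get("message") or (problem.text or "").strip()
            failed.append((case.get("name", "<unnamed>"), message))
    return failed

def gate(junit_xml, max_failed=0):
    """Return a process exit code: 0 if failures are within budget, else 1."""
    failed = failed_cases(junit_xml)
    for name, message in failed:
        print(f"FAILED: {name}: {message}")
    return 0 if len(failed) <= max_failed else 1

if __name__ == "__main__":
    # In CI: python junit_gate.py results.xml (falls back to the sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sys.exit(gate(fh.read()))
    sys.exit(gate(SAMPLE_JUNIT))
```

Run it in a step or job where Python is available, after the scan step has produced results.xml.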
