Dean Naqvi requested to merge kubescape-dean into master May 21, 2024

General MR

Summary

Kubescape scan stage added for EKS
Added a kubescape_scan function in templates.sh

Function is doing the following:

Installing kubescape CLI.
Creating kubescape-result directory which will store scan results as artifacts.
Added a check if there are severities greater than 0, we are failing the stage with warning so that anchors can review the scan results.
Currently we are doing 2 scans one with nsa, and mitre framework combined, and second one is just standalone nsa.

A new stage is created with the name eks kubescape scan is added in the bigbang.yaml which will run right after eks bigbang up stage it will perform the scans if there are are any high or critical misconfigurations as per the compliance the kubescape scan stage will fail with warning.