UNCLASSIFIED - NO CUI

Integrate kubescape scan with EKS in pipeline

Dean Naqvi requested to merge kubescape-dean into master

General MR

Summary

Kubescape scan stage added for EKS
Added a kubescape_scan function in templates.sh

Function is doing the following:

  • Installing kubescape CLI.
  • Creating kubescape-result directory which will store scan results as artifacts.
  • Added a check: if there are severities greater than 0, we fail the stage with a warning so that anchors can review the scan results.
  • Currently we are doing 2 scans: one with the nsa and mitre frameworks combined, and a second one that is just standalone nsa.

A new stage named eks kubescape scan is added in the bigbang.yaml, which will run right after the eks bigbang up stage. It will perform the scans; if there are any high or critical misconfigurations as per the compliance, the kubescape scan stage will fail with a warning.

Relevant logs/screenshots

Function
image

Stage
image

Artifacts
image

Stage kubescape scan logs
image

Linked Issue

enable kubescape in EKS BB pipeline

Upgrade Notices

(Include any relevant notes about upgrades here or write "N/A" if there are none)

Edited by Dean Naqvi
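
The severity check described in the summary, as an added example that is not the code from this merge request: a POSIX shell gate that reads a kubescape JSON report and returns non-zero when high or critical findings are present. The function names, the report file names and the `criticalSeverity`/`highSeverity` counter layout are assumptions, and the sample reports are constructed.

```shell
#!/bin/sh
# Added example, not the MR's templates.sh. In a pipeline the reports would
# come from the two scans (output file names are assumptions):
#   kubescape scan framework nsa,mitre --format json --output kubescape-result/nsa-mitre.json
#   kubescape scan framework nsa       --format json --output kubescape-result/nsa.json

# Print the first integer stored under JSON key $2 in file $1 (nothing if absent).
severity_count() {
  grep -o "\"$2\"[[:space:]]*:[[:space:]]*[0-9][0-9]*" "$1" \
    | head -n 1 | grep -o '[0-9][0-9]*$' || true
}

# 0 = no critical/high findings, 1 = findings present,
# 2 = report missing or unreadable (fail closed: a scan that never ran must not pass).
kubescape_gate() {
  report=$1
  critical=$(severity_count "$report" criticalSeverity 2>/dev/null)
  high=$(severity_count "$report" highSeverity 2>/dev/null)
  if [ -z "$critical" ] || [ -z "$high" ]; then
    echo "kubescape gate: $report missing or has no severity counters" >&2
    return 2
  fi
  echo "$report: critical=$critical high=$high"
  [ "$critical" -eq 0 ] && [ "$high" -eq 0 ]
}

# Write a constructed report ($2 critical, $3 high) using the assumed counter layout.
make_sample() {
  printf '{"summaryDetails":{"controlsSeverityCounters":{"criticalSeverity":%s,"highSeverity":%s,"mediumSeverity":4,"lowSeverity":1}}}\n' \
    "$2" "$3" > "$1"
}

# Demo: constructed reports standing in for the two scans.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/nsa-mitre.json" 0 3
make_sample "$demo_dir/nsa.json" 0 0
gate_status=0
for r in "$demo_dir"/*.json; do
  kubescape_gate "$r" || gate_status=1   # evaluate every report before failing
done
echo "gate status: $gate_status"
```

In a GitLab job, ending the script with `exit "$gate_status"` and setting `allow_failure: true` on the job makes a non-zero result show up as a warning rather than a hard failure.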