Integrate kubescape scan with EKS in pipeline
General MR
Summary
Kubescape scan stage added for EKS
Added a kubescape_scan function in templates.sh
Function is doing the following:
- Installing kubescape CLI.
- Creating kubescape-result directory which will store scan results as artifacts.
- Added a check: if there are severities greater than 0, we fail the stage with a warning so that anchors can review the scan results.
- Currently we are doing 2 scans: one with the nsa and mitre frameworks combined, and a second one that is just standalone nsa.
A new stage named eks kubescape scan is added in bigbang.yaml, which will run right after the eks bigbang up stage. It will perform the scans; if there are any high or critical misconfigurations as per the compliance, the kubescape scan stage will fail with a warning.
Relevant logs/screenshots
Function
Stage
Artifacts
Stage kubescape scan logs
Linked Issue
enable kubescape in EKS BB pipeline
Upgrade Notices
(Include any relevant notes about upgrades here or write "N/A" if there are none)
Edited by Dean Naqvi
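A severity gate of the kind the summary describes, as an added example; it is not the `kubescape_scan` function from templates.sh. The helper names are hypothetical and the counter key names in the constructed result files are an assumed layout. It returns a separate exit code when a result file is missing or unparsable, so a broken scan is not read as zero findings.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The counter key names
# (criticalSeverity, highSeverity) are an assumed result layout.

# Write a constructed result file: make_sample FILE CRITICAL HIGH
make_sample() {
  printf '{"summaryDetails":{"controlsSeverityCounters":{"criticalSeverity":%s,"highSeverity":%s}}}\n' "$2" "$3" > "$1"
}

# Print the largest integer stored under key $2 anywhere in file $1.
severity_count() {
  local n
  n=$(grep -o "\"$2\"[[:space:]]*:[[:space:]]*[0-9][0-9]*" "$1" 2>/dev/null |
      grep -o '[0-9][0-9]*$' | sort -n | tail -n 1)
  [ -n "$n" ] || return 1   # key absent: caller must not read this as 0
  printf '%s\n' "$n"
}

# 0 = clean, 1 = high/critical findings (warn), 2 = result unusable (fail).
kubescape_gate() {
  local critical high
  [ -s "$1" ] || { echo "gate: missing or empty $1" >&2; return 2; }
  critical=$(severity_count "$1" criticalSeverity) || return 2
  high=$(severity_count "$1" highSeverity) || return 2
  echo "gate: $1 critical=$critical high=$high" >&2
  if [ "$critical" -gt 0 ] || [ "$high" -gt 0 ]; then return 1; fi
  return 0
}

# Gate every *.json in directory $1; the worst code wins, no files = 2.
gate_all() {
  local f rc worst=0 found=0
  for f in "$1"/*.json; do
    [ -e "$f" ] || continue
    found=1; rc=0
    kubescape_gate "$f" || rc=$?
    if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
  done
  [ "$found" -eq 1 ] || return 2
  return "$worst"
}

# Demo on constructed data: one clean result, one with 3 high findings.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/nsa.json" 0 0
make_sample "$demo_dir/nsa-mitre.json" 0 3
gate_all "$demo_dir" && echo "scan clean" || echo "gate exit code: $?"
rm -rf "$demo_dir"
```

In GitLab CI, `allow_failure` with `exit_codes` can turn only exit code 1 into a warning while exit code 2 still fails the job.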