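I am trying to send a kubescape report through GitHub Actions; unfortunately, I get an error like the following:

Scan results have not been submitted: Sign up for free: https://portal.armo.cloud/account/sign-up

Of course I have created an account, and I tried to submit the report like this: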

    kubescape:
      runs-on: ubuntu-20.04
      strategy:
        matrix: { dir_kube: ['ionos/kubernetes/dev/*.yaml', 'azure/kubernetes/prod/*.yaml', 'ionos/kubernetes/prod/*.yaml']}
      steps:
        - name: Clone repo
          uses: actions/checkout@master
        - name: Install kubescape
          run: curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
        # Scanning cluster, specified by filter path
        - name: Scan repository
          run: kubescape scan --submit --account=${{ secrets.KUBESCAPE_REPORT }} ${{ matrix.dir_kube }}

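The secret corresponds to my account key.
I have tried:
- replacing the secret (in case I had entered it incorrectly)
- adding --verbose
- adding --logger debug
- scanning and sending the report directly from my machine (I managed to send the report correctly, but as you can guess, I don't want to do it from my machine because it is a cron job.)
Is it possible to do this from GA? Am I missing something?

Kubescape has just released support for submitting file scans to the portal. Check it out now with the latest version!
Set up a GitHub secret named KUBESCAPE_ACCOUNT.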

    name: Kubescape scanning for misconfigurations
    on: [push, pull_request]
    jobs:
      kubescape:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          - uses: kubescape/github-action@main
            continue-on-error: true
            with:
              format: sarif
              outputFile: results.sarif
              # Specify the Kubescape cloud account ID
              account: ${{secrets.KUBESCAPE_ACCOUNT}}
          - name: Upload Kubescape scan results to Github Code Scanning
            uses: github/codeql-action/upload-sarif@v2
            with:
              sarif_file: results.sarif
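
GitHub Actions expands an unset secret to an empty string and does not pass repository secrets to workflows triggered by pull requests from forks, so a step can check the account value before it reaches the scanner. The preflight below is an added example, not part of the original question or answer and not Kubescape's own code; the function names, the KS_ACCOUNT variable and the UUID shape of the account ID are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preflight for the account value used in the workflows above.
# Assumption: the account ID is UUID-shaped (8-4-4-4-12 hex digits);
# adjust the pattern if the ID shown in your portal looks different.

# check_account VALUE
# returns 0 = ok, 1 = empty, 2 = contains whitespace/newline, 3 = not UUID-shaped
check_account() {
    value="${1-}"
    if [ -z "$value" ]; then
        return 1
    fi
    # Secrets pasted with a trailing newline or space are a common cause of mismatches.
    stripped=$(printf '%s' "$value" | tr -d '[:space:]')
    if [ "$stripped" != "$value" ]; then
        return 2
    fi
    if ! printf '%s' "$value" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
        return 3
    fi
    return 0
}

# explain_account VALUE
# prints one diagnostic line (never the value itself) and returns check_account's code
explain_account() {
    rc=0
    check_account "${1-}" || rc=$?
    case "$rc" in
        0) echo "account: ok" ;;
        1) echo "account: empty (secret name mismatch, or an event without secret access such as a fork pull_request)" ;;
        2) echo "account: contains whitespace or a newline (re-save the secret without extra characters)" ;;
        3) echo "account: not UUID-shaped (length ${#1})" ;;
    esac
    return "$rc"
}

# In a workflow step, hand the secret over through env instead of interpolating
# it into the script text, then gate the scan on the check:
#   env:
#     KS_ACCOUNT: ${{ secrets.KUBESCAPE_ACCOUNT }}
#   run: explain_account "$KS_ACCOUNT" && kubescape scan --submit --account="$KS_ACCOUNT" <path>
```

Note that the secret name must match the one referenced in the workflow: the first workflow reads KUBESCAPE_REPORT, the second KUBESCAPE_ACCOUNT.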