Scanning images from CI/CD
3 July 2024
ID 260433
To scan images from CI/CD, specify the following environment variables for the scanner in the configuration file used to integrate the repository: API_BASE_URL (the web address of the Kaspersky Container Security API server) and API_TOKEN (the token for accessing the Kaspersky Container Security API).
To scan an image from a TAR archive:
- Build an image and save it as a TAR archive using any application for creating containerized images.
- Start the scan by running a command in the following format:
/scanner image.tar --file --stdout
where:
<--file> is the file with the image to be scanned
<--stdout> is output to the security event log
To scan an image from a Git repository:
- In the configuration file of the Git repository, specify the token for accessing the repository (for example, GitLab requires you to indicate a value for GITLAB_TOKEN).
- Start scanning by running a command in the following format:
/scanner [TARGET] [--repo REPO_URL] [--branch BRANCH] [--commit COMMIT] --stdout
where:
<TARGET> is the path to the file with the image to be scanned
<--repo> is the web address (URL) of the Git repository
<--branch> is the branch of the repository to be scanned
<--commit> is the hash of the commit to be scanned
<--stdout> is the output to the security event log.
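The following pre-flight script is an added example, not part of the original article or the product. It checks the two environment variables and the scan inputs before a CI job calls the scanner with the TAR or Git command formats above. The function names, the SCANNER_BIN override and the HTTPS-only rule are assumptions of this example.

```shell
# Added example, not vendor code. Function names and SCANNER_BIN are assumptions.
SCANNER_BIN="${SCANNER_BIN:-/scanner}"
fail() { echo "preflight: $*" >&2; return 1; }

# Stop before the scan if either variable the scanner needs is empty.
check_api_env() {
  [ -n "${API_BASE_URL:-}" ] || fail "API_BASE_URL is not set" || return 1
  [ -n "${API_TOKEN:-}" ] || fail "API_TOKEN is not set" || return 1
  # Policy of this example, not a product requirement: refuse non-HTTPS addresses.
  case "$API_BASE_URL" in
    https://*) return 0 ;;
    *) fail "API_BASE_URL must start with https://" ;;
  esac
}

# Reject empty values and values starting with "-", which could be read as an option.
safe_value() {
  case "$1" in
    ''|-*) return 1 ;;
  esac
}

# A commit hash: 7 to 64 lowercase hex characters (abbreviated up to SHA-256).
valid_commit() {
  case "$1" in
    ''|*[!0123456789abcdef]*) return 1 ;;
  esac
  [ "${#1}" -ge 7 ] && [ "${#1}" -le 64 ]
}

# Print the TAR scan arguments, one per line, in the documented order.
tar_scan_args() {
  safe_value "$1" || fail "empty or option-like archive path" || return 1
  [ -s "$1" ] || fail "archive missing or empty: $1" || return 1
  printf '%s\n' "$1" --file --stdout
}

# Print the Git scan arguments. Parameters: TARGET REPO_URL BRANCH COMMIT.
repo_scan_args() {
  for v in "$1" "$2" "$3"; do
    safe_value "$v" || fail "empty or option-like value: '$v'" || return 1
  done
  valid_commit "$4" || fail "commit is not a hex hash: '$4'" || return 1
  printf '%s\n' "$1" --repo "$2" --branch "$3" --commit "$4" --stdout
}

# Run the TAR scan only when every check passes.
scan_tar() {
  check_api_env && tar_scan_args "$1" >/dev/null && "$SCANNER_BIN" "$1" --file --stdout
}
```

Source the script in the CI job and call scan_tar image.tar; a failed check returns non-zero before the scanner starts.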