
I’m trying to send a kubescape report via a GitHub Action and, unfortunately, I get the error shown below:

Scan results have not been submitted: Sign up for free:
https://portal.armo.cloud/account/sign-up

Of course I’ve created an account, and I try to submit the report like this:

kubescape:
    runs-on: ubuntu-20.04

    strategy:
      matrix: { dir_kube: ['ionos/kubernetes/dev/*.yaml', 'azure/kubernetes/prod/*.yaml', 'ionos/kubernetes/prod/*.yaml']}

    steps:

      - name: Clone repo
        uses: actions/checkout@master

      - name: Install kubescape
        run: curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash

      # Scanning cluster, specified by filter path
      - name: Scan repository
        run: kubescape scan --submit --account=${{ secrets.KUBESCAPE_REPORT }} ${{ matrix.dir_kube }}

The secret corresponds to my account key.

What I’ve tried:

  • Replaced the secret (in case I had mistyped it)
  • Added --verbose
  • Added --logger debug
  • Scanned and sent the report from my machine directly
    (I managed to send the report correctly but, as you may wonder, I don’t want to do it from my machine, as it is a cron job.)

Is it even possible to do it from GA? Am I missing something?

2 Answers


  1. Kubescape just released support for submitting file scans to the portal. Check it now with the latest version!

  2. Set a GitHub secret called KUBESCAPE_ACCOUNT.

    Then, add the following code to your workflow (copied from here):

    name: Kubescape scanning for misconfigurations
    on: [push, pull_request]
    jobs:
      kubescape:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v3
        - uses: kubescape/github-action@main
          continue-on-error: true
          with:
            format: sarif
            outputFile: results.sarif
            # Specify the Kubescape cloud account ID
            account: ${{secrets.KUBESCAPE_ACCOUNT}}
        - name: Upload Kubescape scan results to Github Code Scanning
          uses: github/codeql-action/upload-sarif@v2
          with:
            sarif_file: results.sarif
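
GitHub Actions expands a missing or misnamed secret to an empty string and does not pass secrets to pull_request runs from forks, and the workflow above sets continue-on-error: true, so an unusable account value is easy to miss in CI. The preflight below is an added example, not part of the original answers; mapping the secret to a KUBESCAPE_ACCOUNT environment variable and the UUID shape of the account ID are assumptions.

```shell
# Added example, not from the original post. Preflight for the account ID
# before `kubescape scan --submit` in a `run:` step.
# Assumptions: the step maps the secret into the environment with
#   env: { KUBESCAPE_ACCOUNT: "${{ secrets.KUBESCAPE_ACCOUNT }}" }
# (not interpolated into the command line) and the account ID is UUID-shaped.

# check_account_id VALUE
#   0 = looks usable
#   1 = empty: secret missing, misnamed, or withheld (fork pull_request runs)
#   2 = present but not a single UUID-shaped token (stray whitespace, truncation)
check_account_id() {
  [ -n "$1" ] || return 1
  # 36 characters in total rules out embedded newlines or padding.
  [ "${#1}" -eq 36 ] || return 2
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || return 2
  return 0
}

# preflight VALUE: explain the failure on stderr without printing the value.
preflight() {
  rc=0
  check_account_id "$1" || rc=$?
  case "$rc" in
    1) echo "account ID is empty: check the secret name and whether this event receives secrets" >&2 ;;
    2) echo "account ID is malformed (length ${#1}): re-create the secret" >&2 ;;
  esac
  return "$rc"
}

# Usage inside the workflow step (fails the job instead of scanning unsubmitted):
#   preflight "$KUBESCAPE_ACCOUNT" && \
#     kubescape scan --submit --account="$KUBESCAPE_ACCOUNT" <files>
```

Run the preflight in a step without continue-on-error so a missing secret fails the job visibly.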
    