Kaspersky Container Security

Image scanning in CI/CD processes

March 27, 2024

ID 260412

Kaspersky Container Security allows you to scan images that are used in CI/CD. The solution is incorporated into CI/CD as a pipeline stage, where the Kaspersky Container Security Scanner is run.

To scan images from CI/CD, you should configure the integration of Kaspersky Container Security with CI/CD processes.

Kaspersky Container Security performs the following types of scans in CI/CD:

  • Scanning of images in TAR archives. A TAR archive is stored as a build artifact that the solution scans in the next build pipeline.
  • Scanning a Git repository, which can be performed in one of the following ways:
    • for a project branch (individual development path) in the Git repository
    • for a commit (state snapshot or checkpoint in the project's timeline)

The scanning results are forwarded to the server and are displayed in the Management Console in the Inventory → CI/CD section. The provided table lists the images that were scanned, shows the results of the risk assessment, and indicates the detected vulnerabilities.

You can click the image name link to open a page with detailed information about the image scanning results. This page is similar to the page showing the results of registry image scanning.

Kaspersky Container Security also displays the type of artifact for each object. Two main artifacts are used:

  • File system is a repository containing configuration files.
  • Container image is a template used for runtime implementation of the container.

The table indicates the build number and build pipeline for each scan object. These parameters can be used to determine the specific stage where the image failed.

For CI/CD images, rescanning is not provided.
