Kaspersky Container Security

Integration with CI/CD

March 27, 2024

ID 267228

Kaspersky Container Security lets you scan container images and IaC residing in code repository management systems as part of the CI/CD process to detect vulnerabilities, malware, misconfigurations, and exposed sensitive data.

During the project build stage in the repository management system, you can run the Kaspersky Container Security scanner to check the objects in the repository for compliance with the enabled security policies. The scanner is started from a registry using an Agent, such as GitLab Runner in GitLab. Scan job data is forwarded and scan results are sent through the application programming interface (API).

When running an object scan during the project build stage, you must make sure that the Fail CI/CD step is not selected in the settings of the applied assurance policy. If this setting is activated, the solution will notify you of an error during the scan.

The scan results are displayed in the list of images in the Inventory → CI/CD → Scanning in CI/CD section.

For each of the objects in the table, Kaspersky Container Security displays the following:

  • Date and time of the last scan.
  • Name.
  • Risk rating.
  • Summary scan results with an indication of the identified objects related to vulnerabilities, malware, sensitive data and misconfigurations.
  • Artifact type.
  • The number and pipeline of the build in which the image was scanned.

In the Resources → CI/CD → Scanning in CI/CD section, you can also generate a report on images that are scanned within the CI/CD process.

Reports are generated only for objects with the Image artifact type. In this section, a report cannot be generated for other types of artifacts.

In this Help section

Image scanning in CI/CD processes

Configuring image and configuration file scan settings

Defining path to container images

Scanning images from CI/CD

Monitoring the integrity and origin of images

Running the scanner in the SBOM mode

Getting scan results in JSON or HTML format

Running the scanner in the lite SBOM mode
