To scan images from CI/CD, in the configuration file used to integrate the repository, specify the API_BASE_URL (web-address of the Kaspersky Container Security API server) and API_TOKEN (token to access API of the Kaspersky Container Security) environment variables for the scanner.
To scan an image from a TAR archive:
/scanner image.tar --file --stdout
where:
<--file> is the
file with the image to be scanned<--stdout> is
output to the security event logExample of a configuration file with settings for scanning a TAR archive
To scan an image from a Git repository:
/scanner [TARGET] [--repo REPO_URL] [--branch BRANCH] [--commit COMMIT] --stdout
where:
<TARGET>
is the path to the file with the image to be scanned<--repo>
is the web address (URL) of the Git repository<--branch>
is the branch of the repository to be scanned<--commit>
is
the hash of the commit to be scanned<--stdout>
is the output to the security event log.