Skip to content
shield

GitHub Action

ControlPlane Kubesec

v0.0.2 Latest version

ControlPlane Kubesec

shield

ControlPlane Kubesec

Scans k8s yaml with kubesec

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: ControlPlane Kubesec

              
  uses: controlplaneio/kubesec-action@v0.0.2
Learn more about this action in controlplaneio/kubesec-action

Choose a version

Kubesec Action

GitHub Action for kubesec

GitHub Release GitHub Marketplace

kubesec_logo

Table of Contents

Usage

Workflow

name: lint
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Run kubesec scanner
        uses: controlplaneio/kubesec-action@master
        with:
          input: file.yaml

Using kubesec with GitHub Code Scanning

If you have GitHub code scanning available you can use kubesec as a scanning tool as follows:

name: lint
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Run kubesec scanner
        uses: controlplaneio/kubesec-action@master
        with:
          input: file.yaml
          exit-code: "0"
          format: template
          template: template/sarif.tpl
          output: kubesec-results.sarif

      - name: Upload Kubesec scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: kubesec-results.sarif

Customising

inputs

Following inputs can be used as step.with keys:

Name Type Default Description
input String File to scan
format String json Output format (json, template)
template String Output template (/templates/sarif.tpl)
output String Save results to a file
exit-code String "2" Override the exit-code