使用 kubescape 扫描时,如何在 github 操作中获取“风险评分”output?
[英]How to get the "risk-score" output in github action when scanning with kubescape?
问题描述
I'm wondering if it's possible to get the risk-score output from a kubescape scan?
我想知道是否有可能从 kubescape 扫描中获得风险评分 output? I know that we can use the parameter "-t 25" in the command for github action, but I want to use a warning instead or returning an exit error if the risk-score is above the threshold value.我知道我们可以在 github 操作的命令中使用参数“-t 25”,但如果风险评分高于阈值,我想改为使用警告或返回退出错误。
Here is a quick overview of what I want to have:以下是我想要的内容的快速概述:
jobs:
warning_message:
runs-on: ubuntu-latest
#code for getting the risk-score output
steps:
- name: check_comparaison_risk-score
if: ${{ risk_output }} > 25
run: echo "::warning ::Risk-score is above 25%"
You can propose another solution/alternative to it.您可以提出另一种解决方案/替代方案。
1 个解决方案
解决方案1
0 2022-11-21 15:33:35
You should use the official Kubescape GitHub actions , and add the failedThreshold as shown in the inputs section:您应该使用官方的 Kubescape GitHub actions ,并添加failedThreshold ,如输入部分所示:
name: Kubescape scanning for misconfigurations
on: [push, pull_request]
jobs:
kubescape:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: kubescape/github-action@main
with:
format: sarif
outputFile: results.sarif
# # Optional: Specify the Kubescape cloud account ID
# account: ${{secrets.KUBESCAPE_ACCOUNT}}
# Fail when the risk-score is higher than X
failedThreshold: 25
- name: Upload Kubescape scan results to Github Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.