How to test the OSS Assessment Service

Generate a Kubescape report

Kubescape offers two scanning methods: scanning repositories/file systems or scanning K8S clusters. We'll use the Bitnami Kubescape docker image in both cases.

Scanning repositories

This is a typical Helm charts repository scan. We'll need to configure the Kubescape image with an external volume to generate the output file. Other than that, the command uses the following parameters:

• oss-assessment: This indicates that we're going to use the dedicated functionality for the OSS Assessment rather than a standard Kubescape execution.
• GIT Repository URL: This can take the form of a remote repository URL like in the example or a local folder.

      docker run --rm -it -v /tmp:/output \
        bitnami/kubescape:3.0.3 oss-assessment \
        https://github.com/Telefonica/helm-charts/tree/master \
        --output /output/telefonica.json
      
    

Scanning K8S clusters

The Kubescape CLI will scan the default Kubernetes context, but we'll need to pass those parameters to the Kubescape docker image for the oss assessment.

• oss-assessment: This indicates that we're going to use the dedicated functionality for the OSS Assessment rather than a standard Kubescape execution.
• kubeconfig: Location of your local kubeconfig file relative to the mounted volume.
• kube-context: Optional parameter to indicate a specific context within the kubeconfig.
• include-namespaces: Optional parameter to limit the scan to specific cluster namespaces.

      docker run --rm -it -v /tmp:/output -v $HOME/.kube:/.kube \
        bitnami/kubescape:3.0.3 oss-assessment \
        --kubeconfig /.kube/config \
        --kube-context content-platform \
        --include-namespaces kafka \
        -o /output/content-platform-kafka.json