This is a GitHub action for scanning Kubernetes YAML files and Helm charts in your GitHub workflow with kube-linter.
- Copy .github/workflows/kube-linter-sample.yml file to
.github/workflowsdirectory in your repo. - Adjust scan
directoryto the location where your Kubernetes or Helm files are. See Parameters below. - Adjust or remove
configparameter.
The new workflow will run every time there's a new push to the repo master branch and for pull requests.
The workflow will fail if kube-linter detects issues. You'll find issues in the output of kube-linter-action and in Security | Code scanning alerts view of your GitHub repo (if you used provided sample workflow).
- name: Scan repo with kube-linter
uses: stackrox/[email protected]
with:
directory: yamls
config: .kube-linter/config.yaml
format: sarif
output-file: kube-linter.sarif| Parameter name | Required? | Description |
|---|---|---|
directory |
(required) | Path of file or directory to scan, absolute or relative to the root of the repo. |
config |
(optional) | Path to a configuration file if you wish to use a non-default configuration. |
format |
(optional) | Output format. Allowed values: sarif, plain, json. Default is plain. |
output-file |
(optional) | Path to a file where kube-linter output will be stored. Default is kube-linter.log. File will be overwritten if it exists. |
version |
(optional) | kube-linter release version to use, e.g. "0.2.4". The latest available version is used by default. |