Skip to content

ci: add kubescape security scanning workflow#4859

Closed
SpootyMcSpoot wants to merge 1 commit into
kubernetes-sigs:mainfrom
Anomalous-Ventures:ci/kubescape-scan
Closed

ci: add kubescape security scanning workflow#4859
SpootyMcSpoot wants to merge 1 commit into
kubernetes-sigs:mainfrom
Anomalous-Ventures:ci/kubescape-scan

Conversation

@SpootyMcSpoot
Copy link
Copy Markdown

@SpootyMcSpoot SpootyMcSpoot commented Mar 10, 2026

Summary

  • Add Kubescape security compliance scanning via org reusable workflow
  • Scans K8s manifests against NSA and MITRE frameworks on PRs
  • Results uploaded to GitHub Security tab (SARIF)

Test plan

  • Verify workflow triggers on PR with K8s changes
  • Verify scan results appear in Security tab

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 10, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: SpootyMcSpoot
Once this PR has been reviewed and has the lgtm label, please assign sniok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@linux-foundation-easycla
Copy link
Copy Markdown

linux-foundation-easycla Bot commented Mar 10, 2026

CLA Not Signed

@k8s-ci-robot k8s-ci-robot requested a review from sniok March 10, 2026 22:45
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 10, 2026

Welcome @SpootyMcSpoot!

It looks like this is your first PR to kubernetes-sigs/headlamp 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/headlamp has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot requested a review from yolossn March 10, 2026 22:45
@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 10, 2026
@SpootyMcSpoot
Copy link
Copy Markdown
Author

SpootyMcSpoot commented Mar 10, 2026

Opened against wrong repo by mistake, closing.

@SpootyMcSpoot SpootyMcSpoot deleted the ci/kubescape-scan branch March 11, 2026 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sniok sniok Awaiting requested review from sniok

@yolossn yolossn Awaiting requested review from yolossn

Assignees

No one assigned

Labels

cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SpootyMcSpoot @k8s-ci-robot