Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"This resource kind is not supported by kubesec" when scanning files containing multiple seperated specs #287

Open
huornlmj opened this issue Mar 1, 2022 · 1 comment
Labels

Comments

@huornlmj
Copy link

huornlmj commented Mar 1, 2022

Describe the bug
If a file contains multiple specifications separated by three hyphens (---), kubesec fails the scan with "This resource kind is not supported by kubesec".

To Reproduce
kubesec scan (a pod spec file containing multiple specs separated by triple hyphens)

Expected behaviour
A pass / fail result should be shown, with kubesec parsing each spec individually.

Additional context
A workaround is to manually separate the individual specs into individual files and scan them with kubesec. But only one of the resulting files is scannable by kubesec.

@06kellyjac
Copy link
Member

kubesec itself is the tool at the core of it and outputs json by default, you can then parse the JSON to check if the output meets your requirements e.g. a score > 0, or criticals is empty etc
You can define and check these requirements either using some simple JSON parsing with jq and bash to check the values, or you could feed it into OPA and write rego polices.

controlplaneio/kubectl-kubesec#53 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants