Kaspersky Container Security

Configuring integration with TeamCity CI/CD

To configure integration with TeamCity CI/CD:

1. Copy the API token on the My profile page to authorize the Kaspersky Container Security API in TeamCity.
2. In the settings menu in the TeamCity web interface, select Build Configuration Home → Parameters.
3. Click Add new parameters to add the values of the following environment variables:
   • API_TOKEN— specify the copied value of the Kaspersky Container Security API token.
   • API_BASE_URL — specify the URL of Kaspersky Container Security.
   • RUST_BACKTRACE — If necessary, specify full to use backtracing.
   • SKIP_API_SERVER_VALIDATION — specify true if you are using a self-signed certificate or if you need to skip authentication of the receiving server using the CA certificate of the Ingress controller.
4. Go to the Build Configuration Home → Build Step: Command Line section and click Add build step to add a build step.
5. In the window that opens, specify the following settings of the build step:
   • In the Runner type drop-down list, select Command Line.
   • In the Run drop-down list, select Custom script.
   • In the Custom script field, specify the path to the container for scanning (for example, /bin/sh /entrypoint.sh nginx:latest).
6. Under Docker Settings, specify the following settings:
   • In the Run step within Docker container field, specify the address of the scanner in the Docker registry. For example, company.gitlab.cloud.net:5050/companydev/example/scanner:v1.2.0-with-db.
   • In the Additional docker run arguments field, increase the privilege value to --privileged.
7. Click Save to save the settings.
8. Click Run in the upper-right corner of the page to start the build.
9. If necessary, download the scan results artifact, which is available on the Artifacts tab on the build scan results page in the TeamCity web interface.