Kaspersky Container Security
Specifying secrets when starting a scan
When starting a scan job in the CI/CD process, the registry containing the scanner image (the lite or with-db scanner for the corresponding version of Kaspersky Container Security) can be accessible only after authorization. For authorization, you can pass the required secrets in the scan job.
To be authorized for access to the registry when starting a scan job:
- Create a secret:
kubectl create secret docker-registry ci-creds --docker-server=client.repo.example.com --docker-username=username --docker-password=password
- In the scan job, specify the value of the
imagePullSecrets
variable:imagePullSecrets:
- name: ci-creds
- Start the scan job.
In this example, the scan job contains the following secrets:
- The secret for downloading the scanner image (specified in the
imagePullSecrets
variable). - The password for downloading the image to be scanned if access to the relevant registry is restricted (specified in the
COMPANY_EXT_REGISTRY_PASSWORD
variable).
You can omit these passwords if the registry that the solution gains access to when running a scan job is accessible without authorization.
Page top